A VirtualBox based Windows domain lab for practicing IT support, Windows administration, troubleshooting, detection, and hardening in a small enterprise style environment.
The goal of this project is to build hands on experience with real problems a junior IT support technician or junior sysadmin might face: user login issues, Group Policy problems, endpoint monitoring, Windows logs, network troubleshooting, and basic security hardening.
| Machine | Purpose |
|---|---|
pfSense |
Firewall and routing |
DC01 |
Windows Server / Active Directory Domain Controller |
WIN11-CLIENT01 |
Domain joined Windows workstation |
WAZUH01 |
SIEM / endpoint monitoring |
KALI01 |
Controlled testing machine |
VirtualBox networks used:
LAB-WANLAB-LANHost-OnlyATTACK
Purple-Team-Home-Lab/
│
├── setup-process/
│ ├── README.md
│ └── screenshots/
│
└── scenarios/
├── T1110-password-spray/
└── T1557.001-llmnr-nbtns-poisoning/
setup-process/documents how the lab was built.scenarios/contains practical troubleshooting, detection, hardening, and validation exercises.
| Scenario | Focus | Skills Practiced |
|---|---|---|
| Password Spraying / Account Lockout | AD authentication and lockout investigation | Event Viewer, Wazuh, account lockout policy, Event ID 4625/4740 |
| LLMNR/NBT-NS Poisoning | Name-resolution attack and hardening | Responder, Sysmon Event ID 3, firewall rules, detection gaps, validation |
This lab supports my goal of moving into a remote IT support or junior technical role, while building a foundation for future SOC/security operations work.
The focus is practical: reproduce problems, investigate them, fix them, validate the result, and document the process clearly.
This lab is for educational testing only. All testing is performed in an isolated lab environment on systems I own or have permission to use.