About

jellybeansontoasties

Cybersecurity enthusiast | Home lab builder | Security researcher

Profile

I'm a cybersecurity enthusiast passionate about offensive security, threat detection, and building isolated home lab environments for hands-on learning. This portfolio documents my journey building a 3-VM cybersecurity lab on Arch Linux using KVM/QEMU virtualization.

My lab focuses on practical penetration testing exercises, SIEM detection and alerting, and documenting attack methodologies from both offensive and defensive perspectives. Each writeup includes attacker techniques alongside blue team takeaways, demonstrating how security monitoring can detect and respond to threats.

When I'm not breaking things in my isolated lab, I'm exploring SIEM configuration, learning about vulnerability assessment, and contributing to open-source security tools. This site serves as both a learning journal and a portfolio of my practical security research.

Lab Build Timeline

KVM/QEMU Setup

Configured Arch Linux host with KVM/QEMU virtualization. Set up libvirt and virsh for VM management. Created isolated virtual bridge network (virbr1) with subnet 192.168.100.0/24 to ensure complete isolation from production networks.
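As an added illustration (not the author's own lab configuration), the following libvirt network definition produces the kind of isolated bridge described above. The network name "seclab-isolated" and the DHCP range are assumptions; the bridge name virbr1 and the 192.168.100.0/24 subnet match the text. Isolation comes from the absence of a <forward> element: without it, libvirt creates no NAT or routed path off the host, so guests can only reach each other and the host-side address.

```xml
<!-- Added example: an isolated libvirt network for a security lab.
     Name and DHCP range are assumptions; bridge and subnet follow the text. -->
<network>
  <name>seclab-isolated</name>
  <!-- No <forward> element: libvirt sets up an isolated network with
       no NAT and no route to any physical interface. -->
  <bridge name="virbr1" stp="on" delay="0"/>
  <ip address="192.168.100.1" netmask="255.255.255.0">
    <dhcp>
      <!-- Leases for the lab VMs; constructed range -->
      <range start="192.168.100.10" end="192.168.100.50"/>
    </dhcp>
  </ip>
</network>
```

Load it with "virsh net-define <file>", then "virsh net-start seclab-isolated" and "virsh net-autostart seclab-isolated". A quick check that isolation holds is "virsh net-dumpxml seclab-isolated", which should show no <forward> element, followed by confirming from a guest that traffic to any address outside 192.168.100.0/24 fails. One caveat: the host itself is reachable at 192.168.100.1, so anything the host exposes on that interface is visible to the vulnerable VM; the host firewall should restrict what is listening there.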

VM Provisioning

Deployed three virtual machines: Kali Linux (attacker platform), Metasploitable 2 (intentionally vulnerable victim), and Ubuntu Server 22.04 (for SIEM deployment). Configured networking, allocated resources (RAM, vCPUs), and verified connectivity between VMs.

Wazuh SIEM Deployment

Installed and configured Wazuh SIEM on Ubuntu Server VM. Set up agents on all VMs for log collection. Configured rules for detecting network scans, authentication failures, file integrity changes, and privilege escalation events. Verified alert generation and dashboard visibility.
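The SSH brute-force detection mentioned above is one place where a correlation rule is worth showing. The following Wazuh local rule is an added example, not a rule taken from the author's lab. It builds on Wazuh's built-in sshd "authentication failed" rule (id 5716 in the stock sshd ruleset; confirm the id in your installed version) and fires when eight such failures arrive from the same source within 120 seconds. The custom rule id 100100 and the thresholds are assumptions and should be tuned to the lab's own login behaviour.

```xml
<!-- Added example: custom correlation rule for /var/ossec/etc/rules/local_rules.xml.
     Rule id 100100 and the frequency/timeframe values are assumptions. -->
<group name="local,sshd,authentication_failures,">
  <!-- Fire when the same source IP triggers rule 5716 (sshd: authentication
       failed) eight times within a two-minute window. -->
  <rule id="100100" level="10" frequency="8" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>sshd: repeated authentication failures from the same source (possible brute force)</description>
    <mitre>
      <id>T1110</id>
    </mitre>
    <group>authentication_failures,</group>
  </rule>
</group>
```

After adding the rule, restart the manager and replay a sample sshd failure line through /var/ossec/bin/wazuh-logtest to confirm that the base rule matches; the frequency rule itself only fires on live repeated events, so a controlled burst of failed logins from the Kali VM against Metasploitable is the way to verify the alert reaches the dashboard. Keep the level high enough that the alert is visible but check it against legitimate typo-driven failures so the rule does not become noise.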

Attack Scenarios

Executed and documented multiple attack scenarios: network reconnaissance with nmap, SSH brute force with Hydra, reverse shell payload delivery with msfvenom, and privilege escalation techniques. Each scenario includes attacker methodology and corresponding SIEM detection rules.

Tools & Technologies

Kali Linux

Penetration testing platform with comprehensive security tools

Wazuh

Open-source SIEM and XDR platform for threat detection

Metasploit

Exploitation framework for security testing and research

nmap

Network scanning and service enumeration tool

QEMU/KVM

Type-1 hypervisor for Linux virtualization

Arch Linux

Lightweight, rolling-release Linux distribution

Skill Summary