Lab Architecture

This is an isolated 3-VM lab running on QEMU/KVM on Arch Linux. The host system is an i7-13700HX with 15GB RAM and an RTX 4060 GPU. All virtual machines are connected to an isolated virtual bridge network (virbr1) with no external internet access, ensuring complete isolation for safe penetration testing exercises.

Network Diagram

┌─────────────────────────────────────────────────────┐
│              HOST: Arch Linux (owo)                 │
│         i7-13700HX  |  15GB RAM  |  RTX 4060        │
│  ┌──────────────────────────────────────────────┐   │
│  │          virbr1: 192.168.100.0/24            │   │
│  │  ┌──────────────┐    ┌──────────────────┐    │   │
│  │  │  KALI LINUX  │───▶│  METASPLOITABLE │    │   │
│  │  │ 192.168.100.10    │  192.168.100.20  │    │   │
│  │  └──────────────┘    └────────┬─────────┘    │   │
│  │                    ┌──────────▼─────────┐    │   │
│  │                    │   WAZUH SIEM       │    │   │
│  │                    │   192.168.100.30   │    │   │
│  │                    └────────────────────┘    │   │
│  └──────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────┘

VM Specifications

VM	Role	OS	RAM	vCPUs	IP
Kali Linux	Attacker	Kali 2024.x	3GB	4	192.168.100.10
Metasploitable 2	Victim	Ubuntu 8.04	1GB	2	192.168.100.20
Wazuh SIEM	Monitor	Ubuntu 22.04	4GB	4	192.168.100.30

Tools Used

nmap

Network scanning

Metasploit

Exploitation framework

Hydra

Password brute force

msfvenom

Payload generation

Wazuh

SIEM monitoring

netcat

Network utility