Solo Research
Single host, fast rebuilds.
- 1 VM or container snapshot per technique.
- Local logging to file + periodic export.
- Reset to golden image weekly.
🧪 Labs
Build Repeatable & Safe Diablo Labs
Lightweight setups for demos, training, and client environments. Keep experiments contained, monitored, and easy to rebuild.
Return to readiness checklist🏗️ Baselines
Reference Lab Shapes
Pick a profile and clone it. Each baseline keeps isolation and observability front-and-center.
Client Simulation
Mini environment for scoped tests.
- AD/DC + app server + defender box.
- Segmented networks with clear firewall rules.
- Ops runbook for snapshots and restores.
Collab Training
Shared practice with rollback.
- Per-user namespaces or VMs.
- Centralized logging and SIEM alerts.
- Daily cleanup job to revert state.
🔒 Hardening
Safety & OpSec Defaults
Keep the lab useful without leaking secrets or leaving debris.
Access Control
- Unique credentials per operator.
- Vault secrets outside of VM snapshots.
- MFA for gateways and dashboards.
Observability
- Sysmon/Osquery where possible.
- Packet capture ring buffer with retention policy.
- Alert on beacon-like traffic leaving the lab.
Recovery
- Documented rollback steps per host.
- Immutable backups for clean baselines.
- Post-engagement cleanup sign-off.
⚙️ Tooling
Starter Stack
Suggested tools for quick bring-up; swap as needed.
Networking
- dnsmasq / bind for controlled DNS.
- HAProxy / Traefik for routing experiments.
- WireGuard for remote teammate access.
Instrument
- Elastic or Loki stack for logs.
- Grafana dashboards for quick trends.
- Filebeat/Winlogbeat agents on all hosts.
Reset
- VM snapshots per scenario.
- Container compose files in git with tags.
- Nightly cleanup scripts validated weekly.