Cybersecurity

Cybersecurity

Stop brute-force attacks and lock down your perimeter. This is your professional playbook for enterprise-grade homelab security. Move past default configurations with step-by-step guides to deploying OPNsense firewalls, setting up network segmentation via VLANs, and hardening your reverse proxy layer using SWAG, CrowdSec, and Authelia. Stop guessing, minimize your attack surface, and build an airtight digital fortress on your own hardware.
16
Jun
Shodan.io map view of Toronto & area, Canada showing detected IPV4 & IPV6 addresses.

🛡️ Auditing the Castle: How to Scan and Pen-Test Your Homelab (2026 Guide)

Stop guessing if your self-hosted infrastructure is secure. Use Shodan, Greenbone OpenVAS in Docker, and Trivy to audit your homelab like a professional.
17 min read
28
Apr
Digital rendering of my 10+ yr old hand me down Alienware X51 R3 PC running OPNsense, 'ghosting' my WAN IP to the scanners.

Beyond Default Deny: Reducing Attack Surface & Exposure in 2026

Stop Shodan and Censys from mapping your network. Learn how to use OPNsense 26.1, CrowdSec, and Divert Mode to achieve true Security through Obscurity in 2026.
11 min read
24
Mar
Cyberpunk illustration of OPNsense with Suricata, featuring a vigilant meerkat guarding glowing data streams and detecting threats in real time.

OPNsense IDS/IPS in 26.4+: Suricata, Inline vs Divert Mode

Learn how to configure Suricata IDS/IPS in OPNsense 26.4+. Compare Inline vs Divert mode, optimize performance, and secure your self-hosted services.
6 min read
24
Mar
A macro shot in a dark server room shows an Ethernet cable plugged into a NIC, featuring a "Digital Fortress" maintenance log overlay with an OPNsense upgrade progress bar at 88% complete.

Upgrading to OPNsense 26.1

The jump to OPNsense 26.1 changes how DHCP and DNS interact. Learn how to navigate Kea migration, fix subnet mask mismatches, and resolve Android Wi-Fi errors.
6 min read
17
Mar
Conceptual network command center. Left display: OPNsense 1.5Gbps throughput and low latency. Right display: AdGuard Home stats and active IDS/IPS shield for threat detection.

Advanced OPNsense Networking: Cloudflare Bypass, DNS/NTP Hijacking & SQM

Learn advanced OPNsense routing techniques including Cloudflare proxy bypass, DNS/NTP interception, and SQM bufferbloat fixes for high-performance homelab networks.
13 min read
03
Mar
Grafana dashboard showing a global threat map of cyberattacks and a top 5 attackers bar gauge parsed from OPNsense firewall and NGINX Docker logs.

Building a Homelab Mini-SIEM with Grafana, Loki, and Promtail

Stop guessing and start visualizing. Turn siloed OPNsense and NGINX logs into a real-time threat map with the lightweight GLP stack. Includes GeoIP and Discord alerts.
13 min read
27
Jan
A glowing blue digital processor shield protects a server from a stream of red "malware" skulls. The shield filters the traffic, allowing only safe green packets to pass.

CrowdSec Installed but Showing No Decisions? Here's Why That's Normal

Installed CrowdSec but see empty logs? Don't panic. Learn how to verify your "invisible shield," investigate attacker logs, and whitelist your own IP.
8 min read
16
Jan
Cyberpunk mascot sitting on snowy server racks, smiling at a red hologram reading 'CORE LAB UPDATES'. She wears tactical gear and clear glasses.

Fantastic Friday: Dirty Snow, The Digital Vault & The Advanced Malware Threat

Happy Friday, Core Lab crew! It has been a marathon few weeks here at the lab. I've been
3 min read
14
Jan
Digital illustration of a server room. Glowing blue network paths converge on an isolated, glowing red cube. A text overlay reads "TRAP SPRUNG: PID ISOLATED," symbolizing threat containment.

Threat Hunting in the Homelab

When Zenarmor flagged a high-severity beacon, I feared my NAS was infected. It wasn't. Here is the step-by-step threat hunt of how I tracked down a malware implant inside a compromised Docker container using tcpdump—and the supply chain mistake that let it in.
6 min read
08
Jan
Internal view of a "PAX" configured C-17 Globemaster 3 with CAF personnel, in flight.

The "Digital FOB": The Ultimate Cyber Survival Guide for OUTCAN Deployments (2026)

Don't connect directly to camp Wi-Fi. This guide explains how to build a "Digital FOB" using travel routers and VPNs to defeat Deep Packet Inspection and cellular tracking. The ultimate "Go Bag" tech list for Canadian soldiers deploying in 2026.
16 min read