🛡️ Auditing the Castle: How to Scan and Pen-Test Your Homelab (2026 Guide)
Stop guessing if your self-hosted infrastructure is secure. Use Shodan, Greenbone OpenVAS in Docker, and Trivy to audit your homelab like a professional.
Beyond Default Deny: Reducing Attack Surface & Exposure in 2026
Stop Shodan and Censys from mapping your network. Learn how to use OPNsense 26.1, CrowdSec, and Divert Mode to achieve true Security through Obscurity in 2026.
OPNsense IDS/IPS in 26.4+: Suricata, Inline vs Divert Mode
Learn how to configure Suricata IDS/IPS in OPNsense 26.4+. Compare Inline vs Divert mode, optimize performance, and secure your self-hosted services.
Upgrading to OPNsense 26.1
The jump to OPNsense 26.1 changes how DHCP and DNS interact. Learn how to navigate Kea migration, fix subnet mask mismatches, and resolve Android Wi-Fi errors.
Advanced OPNsense Networking: Cloudflare Bypass, DNS/NTP Hijacking & SQM
Learn advanced OPNsense routing techniques including Cloudflare proxy bypass, DNS/NTP interception, and SQM bufferbloat fixes for high-performance homelab networks.
Building a Homelab Mini-SIEM with Grafana, Loki, and Promtail
Stop guessing and start visualizing. Turn siloed OPNsense and NGINX logs into a real-time threat map with the lightweight GLP stack. Includes GeoIP and Discord alerts.
CrowdSec Installed but Showing No Decisions? Here's Why That's Normal
Installed CrowdSec but see empty logs? Don't panic. Learn how to verify your "invisible shield," investigate attacker logs, and whitelist your own IP.
Fantastic Friday: Dirty Snow, The Digital Vault & The Advanced Malware Threat
Happy Friday, Core Lab crew!
It has been a marathon few weeks here at the lab. I've been
Threat Hunting in the Homelab
When Zenarmor flagged a high-severity beacon, I feared my NAS was infected. It wasn't. Here is the step-by-step threat hunt of how I tracked down a malware implant inside a compromised Docker container using tcpdump—and the supply chain mistake that let it in.
The "Digital FOB": The Ultimate Cyber Survival Guide for OUTCAN Deployments (2026)
Don't connect directly to camp Wi-Fi. This guide explains how to build a "Digital FOB" using travel routers and VPNs to defeat Deep Packet Inspection and cellular tracking. The ultimate "Go Bag" tech list for Canadian soldiers deploying in 2026.