6 min read

Latest from Core Lab

Header image showing a futuristic hacker lab with many glowing green & blue lights with the caption "Latest from CORE LAB".
Latest updates from Core Lab

The paywall is down! OPNsense day 2 guide now open to everyone. Today I’m excited to open up one of our most requested resources to the entire community. OPNsense "Day 2" Advanced & configuration. I've also got the OPNsense Suricata (IDS/IPS) guide published!

You can also read my last update "meta-post", Core Lab Q1 Updates, published on 08 March '26 for a brief snapshot of the site's ongoing trajectory.

📊 Homelab Security & Monitoring

The OPNsense IDS/IPS 26.4+ Guide - Suricata, Inline vs Divert Mode!

This guide is finally here! A few readers have asked for an IDS/IPS and Suricata guide. Things changed a lot for IDS/IPS in v26.4+, that's discussed along with complete setup tutorial.

💡
This post is available as early access for paid subscribers first. It will be unlocked on 31st March.
How to Configure Suricata IDS/IPS in OPNsense 26.4+ (Inline vs Divert)
Learn how to configure Suricata IDS/IPS in OPNsense 26.4+. Compare Inline vs Divert mode, optimize performance, and secure your self-hosted services.

The OPNsense Day 2 Guide: Now Open for All

While "Day 1" is all about getting your hardware online and your traffic flowing, "Day 2+" is where the real fun (and security) begins. I’ve officially moved the OPNsense Day 2 Guide out of early access.

Advanced OPNsense Networking Guide: Cloudflare Bypass, NTP Redirect & SQM
Learn advanced OPNsense routing techniques including Cloudflare proxy bypass, DNS/NTP interception, and SQM bufferbloat fixes for high-performance homelab networks.

What’s Inside:

  • Bypassing Cloudflare (Selectively!) for Plex/Jellyfin: Don't want to break Cloudflare terms of service? Don't want to get your streaming throttled, here's how to work around that.
  • DNS & NTP Interception / Redirection: How to truly capture and redirect key functions of your network to further enhance your privacy & security.
  • Eliminating Bufferbloat (FQ-CoDel FTW!): Enabling traffic shaping in OPNsense to defeat dreaded network buffering.

How To Upgrade OPNsense to V26.1.4 Oh My!

Running OPNsense and haven't done this major milestone upgrade yet? Here's your detailed step by step walkthrough; bravely move forward 😄

Upgrading to OPNsense 26.1: Kea vs. Dnsmasq & Subnet Fixes
The jump to OPNsense 26.1 changes how DHCP and DNS interact. Learn how to navigate Kea migration, fix subnet mask mismatches, and resolve Android Wi-Fi errors.

What's Inside:

  • Service transition from Unbound & ISC DHCP to Dnsmasque
  • The /21 subnet issue & other problems
  • Migrating your firewall rules to the new format (complete guide!)

🍿 Media Server Networking & Management

Not a huge update on the media server front, except for some tweaks to the Real Debrid & Plex/Jellyfin guide. Received confirmation from a few additional readers that they were able to finally get the solution working!

👍
Thank you to those of you who helped me re-craft that guide over several weeks!

Check out the "Ultimate" and "Unlimited" (No really) Media Server Guide!

The “Infinite” Plex Server: Real-Debrid & Zurg Guide (2026)
Stop buying hard drives. Build a 100TB media server for $3/mo. The complete guide to Plex, Real-Debrid, and Zurg with zero-buffering 4K streaming.

With the price of hardware lately, I feel this may be the way to go moving forward for the next couple years... I will be providing further updates to this and the Stremio & Real Debrid guide regarding addons. They will essentially be 'living documents' that evolve with the underlying tech stack.


🐧Overhauls & Updates on Existing Content

My Customizing Ghost series got a bit of an update, showing off how I enhanced the table of contents and other customization of the blog.

Hacking Ghost: Adding Mobile-Friendly Breadcrumbs to the Edition Theme
The “Lost User” Problem We spend hours tweaking our homelabs, optimizing Docker containers, and fine-tuning our firewalls. But often, we neglect the actual interface of our documentation. SERIES Ghost Blog / CMS Hacks 01 Part 1: Customizing & Optimizing Ghost Table of Contents, Scrollspy and more 02 Part 2: Hacking Ghost CMS

Some updates happened in the Hardware Guides as well, and further refinement will occur, or specialized build guides for things like ultra-low-cost options, energy efficient builds.

If you're planning on purchasing hardware, I'd greatly appreciate it if you used one of my links to support the ongoing costs of the site and me!👇

Best Homelab Hardware Guide (2026): Top CPUs, Nodes & NAS
Construct your Digital Fortress. From silent N100 “Gatehouse” nodes to massive “Command Center” storage servers, this is the battle-tested hardware we trust to hold the line in 2026.

Coming Up Next

The Q1 roadmap is still in full swing. Keep an eye out for upcoming deep dives and specific docker implementations & reviews!

As always, thanks for being part of the journey. If you have questions about any guide or a specific configuration that’s giving you trouble, feel free to drop a comment on the post or fire me an email!

See you in the logs,

Corelab Joe


💀 The Threat Landscape (This Week)

🚨 The “Session Is the New Password” Problem

Attackers are doubling down on session hijacking over credential theft. Instead of brute-forcing passwords, they’re targeting browser sessions, cookies, and OAuth tokens through phishing kits and malicious extensions.

Modern kits now:

  • Steal active session cookies in real time
  • Bypass MFA entirely
  • Reuse tokens to log in without triggering alerts

The Takeaway:
Treat your browser session like a password.

  • Avoid logging into sensitive accounts on random devices
  • Be extremely cautious with browser extensions
  • Use separate browser profiles for risky activity

⚠️ Security Alert: Supply Chain Attacks Are Heating Up

We’re seeing a continued rise in malicious package injections across ecosystems like npm and PyPI.

Recent incidents involved:

  • Typosquatted packages mimicking popular libraries
  • Hidden credential stealers embedded in post-install scripts
  • Backdoors targeting CI/CD pipelines

The Takeaway:
If you’re self-hosting or building stacks:

  • Pin package versions
  • Avoid “latest” tags blindly
  • Audit dependencies before deploying

🧠 AI Tools Becoming High-Value Targets

AI-powered tools and self-hosted agents are now a major attack surface.

New research shows:

  • Prompt injection attacks are being used to exfiltrate secrets
  • Misconfigured AI tools exposing API keys publicly
  • Agents running with excessive permissions (file system, shell access)

The Takeaway:
If it can execute commands, it’s a risk surface.

  • Sandbox aggressively
  • Never expose AI tools directly to the internet without auth
  • Treat them like privileged services

🌐 The “Exposed Dashboard” Epidemic

Shodan scans continue to reveal thousands of exposed admin panels:

  • Docker APIs
  • Portainer instances
  • Grafana dashboards
  • Home lab UIs with no auth or weak credentials

This is still one of the most exploited entry points.

The Takeaway:

  • Never expose dashboards directly
  • Use a reverse proxy + authentication (you already do this well)
  • Assume anything public will be scanned within minutes

🔓 Ransomware Tactics Are Getting Quieter

Instead of loud, system-locking attacks, many groups are shifting to:

  • Silent data exfiltration
  • Delayed extortion
  • Targeting backups first

You may not even know you’re compromised until data is leaked.

The Takeaway:

  • Monitor outbound traffic, not just inbound
  • Keep offline backups
  • Log access to sensitive shares