Purpose & Scope

This wiki documents the design and evolution of a modular purple team homelab, tailored for hands-on adversary emulation, detection engineering, and infrastructure hardening.

It is structured chapter by chapter, reflecting the live build process of the environment and the continuous integration of use-case-driven components.

I aim to build the lab as close as possible to an enterprise-grade, on-premise environment, with a long-term goal of extending it into a hybrid cloud setup that integrates Azure Active Directory and cloud-native components.

Key areas covered:
Table of Contents

(To be expanded as the project grows)

Chapter 1: Lab Architecture

Outlines the core infrastructure of the purple team lab: network segmentation, virtualization stack, logical zones, and machine roles. Explains the reasoning behind architectural choices and the foundational setup decisions.

Chapter 2: Scenarios

Holds adversary emulation scenarios, including MITRE ATT&CK mappings, step-by-step TTPs, and lab execution guides.

Chapter 3: Automation & SOAR

Includes automation logic, SOAR playbooks, scripts, and integrations used to streamline detection, response, and enrichment.