My home lab runs on Proxmox. I started it for under $500 on repurposed hardware and it has grown from there. I use it for everything — practicing attack techniques in a safe environment, testing security tool configurations before deploying them at work, and preparing for certifications by building the exact scenarios the exams test.

Every hiring manager I have spoken to in almost a decade of security says the same thing: candidates who have built a home lab stand out immediately. Not because the lab itself is impressive — most entry-level labs are modest — but because having one signals something about how you think. It says you are curious enough about security to pursue it outside of work hours. It says you learn by doing. It says you have already encountered real problems and worked through them.

This guide covers exactly how to build one. Starting small, starting cheap, and building something you will actually use.

Why you need a home lab

TryHackMe and Hack The Box are excellent learning platforms. They are not a substitute for a home lab. The difference is control — in a home lab you decide what runs, how it is configured, and what you do to it. You can break things completely and rebuild them. You can replicate the exact environment from a CVE you are studying. You can run tools that hosted platforms do not allow.

More practically: the skills that employers actually care about — setting up a Security Information and Event Management system, configuring network segmentation, analyzing packet captures, detecting lateral movement — are difficult to practice meaningfully on someone else's platform. They require an environment you own and control.

"In interviews, I can tell within five minutes whether someone has a home lab. The way they talk about problems, the specific errors they mention, the tools they have actually used — it is immediately obvious. And it immediately changes how I evaluate them."

What you actually need to get started

The biggest barrier most people imagine is hardware. The actual barrier is much lower. Here is what you need at minimum to run a functional security lab.

A single machine with reasonable specs. An older Dell Precision workstation with dual CPUs and DDR3 or DDR4 memory is an ideal starting point — they are built for sustained workloads, widely available used, and take a lot of RAM. Start with at least 64GB — the more the merrier. Memory is the primary constraint in a home lab. Every VM you run needs RAM and you will quickly find that 16 or 32GB limits how many machines you can run simultaneously.

Storage. A 500GB SSD paired with a larger HDD is the right combination. Keep your active VMs and the operating system on the SSD for speed. Use the HDD for storing ISO files, VM backups, and snapshots you are not actively using. This gives you the performance where it matters without spending on SSD capacity for cold storage.

A network switch (optional at first). If you want to simulate realistic network topology with multiple VLANs and physical network segments, a managed switch helps. For getting started, virtualized networking inside Proxmox handles most scenarios without any additional hardware.

The $500 starting budget

Here is exactly how to build a functional lab for under $500. These are real prices based on current used hardware markets.

| Component | What to get | Approx. cost |
|---|---|---|
| Host machine | Used Dell Precision workstation — dual CPU, DDR3/DDR4, 64GB+ RAM | $150-300 |
| RAM | 64GB minimum — 128GB if the board supports it | $40-100 |
| SSD | 500GB SSD for OS and active VMs | $40-60 |
| HDD | 2-4TB HDD for ISOs, backups, and snapshots | $40-70 |
| Network switch | TP-Link 8-port managed switch (optional) | $30-50 |
| Proxmox | Free and open source | $0 |
| VMs and ISOs | Kali Linux, Ubuntu, Windows evaluation ISOs | $0 |
| Total | | $300-580 |

Mini PCs from brands like Beelink, Minisforum, and Intel NUC are popular choices for home labs because they are small, quiet, energy-efficient, and powerful enough to run four to six VMs simultaneously. A used ThinkCentre or OptiPlex desktop from eBay is another solid option — enterprise desktops are built to run 24/7 and can be found for $80-150 with decent specs.

Step 1 — Install Proxmox

Install Proxmox VE

Proxmox Virtual Environment is a free, open-source hypervisor built on Debian Linux. It runs bare-metal on your hardware and lets you create and manage virtual machines through a web browser. It is what I run my lab on and it is what serious home labbers overwhelmingly choose.

Download the ISO from proxmox.com/downloads. Flash it to a USB drive using Balena Etcher or Rufus. Boot from the USB and follow the installer — it takes about 10 minutes. The web interface runs on port 8006 of your machine's IP address once installed.

One thing to do immediately after install: disable the enterprise repository and enable the no-subscription repository. Proxmox ships configured for paid enterprise customers. Running the free version requires switching the repository source. There are plenty of guides for this specific step online — search "Proxmox disable enterprise repository."

  • Download: proxmox.com/downloads
  • Flash to USB: Balena Etcher (free, cross-platform)
  • Access web UI: https://YOUR-IP:8006
  • Default login: root + the password you set during install
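
The repository switch described above, as an added example that is not from the original article or from Proxmox's own documentation. It assumes the one-line `.list` source format used through Proxmox VE 8 (a release that ships deb822 `.sources` files needs the equivalent edit there); the function names are this example's own.

```shell
#!/bin/sh
# Added example: switch a Proxmox VE host from the enterprise APT repository
# to the no-subscription one. Assumes one-line *.list source files.

# switch_pve_repo SOURCES_DIR CODENAME
#   SOURCES_DIR  normally /etc/apt/sources.list.d
#   CODENAME     Debian release the install is based on, e.g. bookworm
switch_pve_repo() {
    dir=$1
    codename=$2
    # Comment out every active enterprise.proxmox.com entry (PVE and Ceph),
    # keeping the original line in place so the change is easy to revert.
    for f in "$dir/pve-enterprise.list" "$dir/ceph.list"; do
        [ -f "$f" ] || continue
        sed -E 's|^[[:space:]]*(deb[[:space:]].*enterprise\.proxmox\.com.*)$|# \1|' \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
    # Overwrite rather than append so re-running the function is harmless.
    printf 'deb http://download.proxmox.com/debian/pve %s pve-no-subscription\n' \
        "$codename" > "$dir/pve-no-subscription.list"
}

# count_active_enterprise SOURCES_DIR
# Prints how many uncommented enterprise entries remain. Anything above 0
# means "apt update" will still be refused by the subscription-only server.
count_active_enterprise() {
    cat "$1"/*.list 2>/dev/null |
        grep -Ec '^[[:space:]]*deb[[:space:]].*enterprise\.proxmox\.com' || true
}

# On a real host, as root:
#   . /etc/os-release
#   switch_pve_repo /etc/apt/sources.list.d "$VERSION_CODENAME"
#   count_active_enterprise /etc/apt/sources.list.d   # expect 0
#   apt update
```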

Step 2 — Build your first three VMs

Once Proxmox is running, create three virtual machines. This is the minimum viable lab — an attacker machine, a target machine, and a firewall between them.

  • VM 01 — ATTACKER: Kali Linux. The industry standard offensive security distribution. Comes pre-loaded with hundreds of security tools. 2 vCPU, 4GB RAM minimum.
  • VM 02 — TARGET: Windows Server 2022. Microsoft provides free evaluation ISOs (180 days). Set up Active Directory. This is what you attack and defend. 2 vCPU, 4GB RAM.
  • VM 03 — FIREWALL: pfSense. Free open-source firewall. Sits between your lab network and your home network. Teaches real firewall configuration. 1 vCPU, 1GB RAM.
  • VM 04 — OPTIONAL: Ubuntu Server. Add a Linux target for practicing Linux-specific attacks and defense. Also useful for running a SIEM or log collector. 1 vCPU, 2GB RAM.

Network your VMs correctly

This is where most beginners get confused. You need at least two virtual networks in Proxmox — one for your lab traffic that stays isolated from your home network, and one management interface for accessing the Proxmox web UI.

In Proxmox, create a Linux Bridge for your lab network (vmbr1). Attach your Kali and Windows VMs to this bridge. Configure pfSense with one interface on your home network (vmbr0) and one on the lab network (vmbr1). Now your lab machines can reach the internet through pfSense but are isolated from your home devices.

  • vmbr0 — connected to your home network (management)
  • vmbr1 — isolated lab network (attack traffic stays here)
  • pfSense bridges the two — controls what crosses between them
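
A check for the two-bridge layout described above, as an added example that is not from the original article: it reads a Proxmox host's /etc/network/interfaces and reports whether the lab bridge has a physical uplink or a host IP address, either of which breaks the isolation. The NIC name eno1, the addresses and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit /etc/network/interfaces on a Proxmox host to confirm
# the lab bridge (vmbr1) is really isolated from the home network.

# Constructed sample in the layout described above: vmbr0 is uplinked to the
# home LAN through eno1 (assumed NIC name), vmbr1 is the lab bridge.
sample_interfaces() {
    cat <<'EOF'
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.10/24
        gateway 192.168.1.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
EOF
}

# bridge_status FILE BRIDGE prints one of:
#   isolated  no physical port and no host IP on the bridge
#   uplink    a physical NIC is attached, so lab traffic can reach that LAN
#   host-ip   the Proxmox host has an address on the bridge, which exposes
#             the host itself (including the :8006 web UI) to the lab VMs
#   missing   no stanza for that bridge
bridge_status() {
    awk -v br="$2" '
        $1 == "iface"            { cur = $2; if (cur == br) found = 1; next }
        cur != br                { next }
        $1 ~ /^bridge[-_]ports$/ { if ($2 != "none") uplink = 1 }
        $1 == "address"          { addr = 1 }
        END {
            if (!found)      print "missing"
            else if (uplink) print "uplink"
            else if (addr)   print "host-ip"
            else             print "isolated"
        }
    ' "$1"
}
```

On the host itself, `bridge_status /etc/network/interfaces vmbr1` should print `isolated` before any attack traffic is run on the lab network.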

Step 3 — Set up Active Directory

Build an Active Directory environment

Active Directory is the identity and access management system used by the vast majority of enterprise Windows environments. It is also one of the most attacked components in any organization. Understanding how to attack and defend Active Directory is one of the most valuable skills in cybersecurity.

On your Windows Server VM, install the Active Directory Domain Services role and promote it to a domain controller. Create a domain — something like lab.local. Add a few user accounts with varying levels of privilege. Create some service accounts. Configure some intentionally misconfigured permissions.

Then from your Kali machine, practice the standard AD attack chain:

  • Enumerate the domain with BloodHound
  • Identify Kerberoastable service accounts
  • Practice Pass-the-Hash and Pass-the-Ticket attacks
  • Practice privilege escalation to Domain Admin
  • Then switch roles — harden the environment and detect the same attacks

This single exercise covers more practical security knowledge than most certification courses combined.

Step 4 — Add a SIEM

Deploy a Security Information and Event Management system

A SIEM collects logs from across your environment and lets you search, correlate, and alert on security events. Running one in your home lab teaches you both how to configure log collection and how to actually use a SIEM for detection — a skill that is in constant demand.

Two good options for a home lab:

  • Wazuh — free, open source, excellent documentation, actively maintained. Runs on Ubuntu Server. Covers log management, intrusion detection, and vulnerability management in one platform.
  • Security Onion — purpose-built security monitoring distribution. More complex to set up but more realistic to what enterprise SOC environments look like.

Start with Wazuh. Install agents on your Windows and Linux VMs. Then run your Active Directory attacks from Kali and watch the alerts appear in real time. That exercise — attack, then immediately see what it looks like to the defender — is incredibly valuable for understanding both sides of security operations.
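
What the defender's side of the Kerberoasting step can look like, as an added example that is not from the original article or from Wazuh's rule set. It assumes the domain controller audits Kerberos service ticket operations and that the events have been exported to the pipe-separated layout shown; the account names and addresses are constructed.

```shell
#!/bin/sh
# Added example: find accounts that requested RC4 service tickets for many
# distinct services, using exported Windows Security events from the lab DC.

# Constructed sample. Fields: time|event id|requesting account|service name|
# ticket encryption type|client address. Account names are hypothetical.
sample_events() {
    cat <<'EOF'
2024-05-01T10:00:01|4769|alice@LAB.LOCAL|svc_sql|0x12|10.10.10.21
2024-05-01T10:02:10|4769|bob@LAB.LOCAL|svc_sql|0x17|10.10.10.50
2024-05-01T10:02:10|4769|bob@LAB.LOCAL|svc_web|0x17|10.10.10.50
2024-05-01T10:02:11|4769|bob@LAB.LOCAL|svc_backup|0x17|10.10.10.50
2024-05-01T10:02:11|4769|bob@LAB.LOCAL|DC01$|0x17|10.10.10.50
2024-05-01T10:05:00|4769|carol@LAB.LOCAL|svc_web|0x17|10.10.10.22
2024-05-01T10:06:00|4624|bob@LAB.LOCAL|-|-|10.10.10.50
EOF
}

# kerberoast_suspects FILE [MIN]
# Event 4769 is a Kerberos service ticket request. Encryption type 0x17 is
# RC4-HMAC; 0x12 is AES256. One account pulling RC4 tickets for several
# different services in a row is the pattern worth an alert.
# Machine accounts (name ends in $) and krbtgt are ignored. Prints
# "account distinct-services" for accounts at or above MIN (default 3).
kerberoast_suspects() {
    awk -F'|' -v min="${2:-3}" '
        $2 == "4769" && tolower($5) == "0x17" && $4 !~ /\$$/ && $4 != "krbtgt" {
            key = $3 SUBSEP $4
            if (!(key in seen)) { seen[key] = 1; count[$3]++ }
        }
        END { for (a in count) if (count[a] + 0 >= min + 0) print a, count[a] }
    ' "$1" | sort
}
```

The count is taken over the whole file, so feed it a short time slice. Expect some legitimate RC4 requests until the lab's service accounts are restricted to AES, which is a useful hardening step to try between runs.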

Step 5 — Practice with intention

Use your lab deliberately

A home lab that sits unused is not a home lab — it is an expensive hobby purchase. The key is using it with intention rather than just having it.

Three things that make a lab actually useful:

  • Follow the news. When a new CVE drops on intel.mycyberbrief.com, check if you can replicate the vulnerable configuration in your lab. Understanding a vulnerability in a live environment is completely different from reading about it.
  • Mirror TryHackMe scenarios. When you complete a room on TryHackMe, rebuild the scenario in your own lab. The guided version teaches the technique. Rebuilding it yourself teaches the underlying mechanics.
  • Document everything. Write up what you did, what worked, what did not, and what you learned. Those write-ups become portfolio pieces. Bring them to interviews. They demonstrate the same level of engagement that a home lab signals — but in a form you can share.

Free resources to populate your lab

One of the best things about home lab practice is that most of the resources are free. Here is where to get vulnerable machines and scenarios to practice on.

  • TryHackMe (THM): Use TryHackMe alongside your home lab — learn the technique on their platform, then rebuild it in your own environment for deeper understanding.
  • Hack The Box (HTB): When your lab skills are solid, test them on HTB's realistic scenarios. The Pro Labs replicate full enterprise environments.

Scaling up from $500

Once your basic lab is running and you are using it regularly, there are natural ways to expand it that add meaningful capability without wasteful spending.

More RAM. The limiting factor in most home labs is memory. More RAM means more VMs running simultaneously. Going from 16GB to 32GB or 64GB opens up significantly more complex scenarios.

A second machine. Adding a second host to your Proxmox cluster lets you practice live migration, high availability configurations, and more realistic multi-host network scenarios.

A managed switch. Physical VLANs and proper network segmentation require a managed switch. The TP-Link TL-SG108E costs around $30 and supports VLANs — more than enough for home lab use.

A dedicated firewall appliance. Running pfSense on dedicated hardware rather than as a VM gives you more realistic firewall configuration experience and frees up VM resources for other machines.

The key point is that none of these expansions are necessary to start. Start with what you have. Get it running. Use it. Then expand based on what you actually need — not based on what looks impressive in a rack.

"The goal is not a perfect lab. The goal is a working lab you actually use. A modest lab used consistently is worth more than an impressive lab that sits idle."

What to tell interviewers about your lab

Having a home lab is only useful in an interview if you can talk about it concretely. Saying "I have a home lab" is less compelling than describing what you built, what you did with it, and what you learned.

Specifically: be able to describe your setup in technical terms. Be able to walk through a specific attack scenario you practiced. Be able to explain what you observed in your logs when you ran that attack. Be able to describe something that did not work and how you figured out why.

That level of concrete detail signals something that no certification can — that you have actually done the work, encountered real problems, and developed real judgment about how security systems behave under attack.

That is what a home lab is really for.