___ # Tags #homelab #cybersecurity #blog ![[wbrbrtbrb.jpg]] I've been doing this homelab thing for quite some time now. I have spent much time building systems to understand what they do from scratch. I would spin up a virtual machine appliance like SecurityOnion and realize its core components are built on Suricata, Zeek, Elastic, Wazuh, and a few other technologies. I would build those components myself to figure out how they work, not because someone told me how but because I wanted to understand the configs. Virtual appliances are excellent for just getting started and using their included tools. It's essential to be a tool user and a tool builder. I was beginning to go through the usual ritual of rebuilding my infrastructure this last month and thought about what I've been using it for in 2022 - the answer is not much other than maintaining it. Only a little happens in a homelab with a residential IP or deployed VPS boxes. Oh sure, you get the regular bot scanning, Shodan, and other cybersecurity vendor hits, then end up as noise on a WAN IP. But there is nothing to work with on a material level. This is what put the idea of Lab 2.0 in my head and what that means for my career and future studies. My homelab has long been geared towards more of an NSM (network security monitoring) approach. However, to improve my abilities within the blue-team tradecraft, I want to start spending less time building and maintaining and more time understanding the tooling and analysis behind it. This brings me to my final thoughts - a homelab is whatever you need it to be. Refrain from getting stuck in any one idea of methodology. Instead, it should be a revolving door of learning and a tool you use to practice the tradecraft. I know what I want 2023 to look like for my personal study time and technology investment - and often, KISS is the best acronym to complex questions.