Built a hands-on training environment used for CTFs, red/blue team, and escalation scenarios.
Unified logging across 10+ systems for centralized SIEM monitoring via Splunk.
Enabled custom domain email services and internal Discord-based role management.
Project Overview
The OSEC Server Refresh project was a full rebuild of our cybersecurity club’s infrastructure. The goal was to modernize our systems, improve reliability, and support more advanced training environments for club members. I led the planning and implementation of the rebuild, focusing on functionality, performance, and long-term scalability.
Infrastructure Planning: Designed a new Proxmox-based virtualization stack to support isolated environments for competitions, labs, and training.
VLAN & Subnet Mapping: Reorganized internal networking for improved security segmentation and easier VM lifecycle management.
Firewall Configuration: Implemented OPNsense with tailored rules for internal lab traffic, internet access controls, and logging.
Documentation: Created a full internal documentation set for future admins, including topology diagrams, VM templates, and firewall policy notes.
The OSEC Server Refresh project introduced a robust, hybrid penetration testing lab that blends virtualized infrastructure and physical workstations into a single, purpose-built subnet.
Virtual Lab (Proxmox-Hosted):
Hosted on a dedicated Proxmox server, the virtual side includes:
Splunk Server (Ubuntu) for centralized log aggregation, threat analysis, and live monitoring.
Windows Server 2025, configured with enterprise-grade services (Active Directory, SMB) to simulate corporate infrastructure.
Ubuntu Server, running web services and SSH for Linux-based enumeration and escalation practice.
Physical Lab Desktops:
Four networked desktops connected to the same subnet as the VMs:
Three intentionally vulnerable machines:
Windows 7
Windows 10
Ubuntu Desktop
One Kali Linux box as the dedicated attack platform.
All machines—virtual and physical—are integrated into a shared learning environment that supports red team/blue team exercises, CTF challenges, and threat simulation scenarios. All of the intentionally vulnerable machines are configured to revert to a default image upon device reset, ensuring
Every system in the environment, from Windows to Ubuntu to Kali, is equipped with the Splunk Universal Forwarder, pushing all event, system, and application logs to the centralized Splunk server.
This architecture enables:
Real-time visibility during attacks and exercises
Hands-on SIEM experience for students
Log-based forensics and incident response simulations
The groundwork for future scoring systems and alerting pipelines
The consistent, unified logging setup reinforces detection, response, and analysis skills across platforms in a controlled but realistic networked setting.
As part of the OSEC Server Refresh, we built a dedicated virtual CCDC simulation environment to help members prepare for Collegiate Cyber Defense Competitions. The setup replicates a real CCDC environment and provides a realistic, pressure-tested platform for team training.
Key Features
Proxmox-Hosted Infrastructure:
Entire environment runs virtually on a dedicated Proxmox instance with its own isolated subnet for safe, controlled testing.
Replica Service Stack:
Includes virtual machines running web, database, FTP, and internal authentication services—mirroring competition setups.
Automated Red Team Attacks:
A scripted red team instance continuously launches attacks (RCEs, privilege escalations, service disruptions) to simulate real CCDC stress conditions.
To support day-to-day operations, outreach, and interdisciplinary collaboration, the OSEC Server Refresh introduced a dedicated Proxmox instance for club services and student resources. This instance hosts a diverse set of VMs that serve both internal and external functions.
Hosted Services
Discord Authentication Bot
Custom bot tied to our club’s Discord server, handling member verification and role-based access for internal channels.
OSEC Website
Self-hosted static site running on a lightweight web stack to showcase projects, provide documentation, and recruit new members.
Inter-Club Resources
Includes collaborative tools such as an aerodynamics simulator for the UNF Racing team, as well as tools and media hosting for other student-led clubs.
Training & Miscellaneous OS VMs
Provisioned environments for students to safely experiment with OS configurations, host short-term labs, or build personal projects in an isolated setting.
To streamline communications and present a more professional image, the infrastructure includes a self-hosted IMAP email server configured to handle custom domain email addresses for campus organizations.
Key Features
Custom Domain Integration
Enables student organizations to send and receive emails using branded addresses (e.g., team@unfhockey.com) without relying on third-party providers.
Universal Access
Compatible with most desktop and mobile mail clients via standard IMAP and SMTP protocols.
Security & Routing
Includes DNS-based protections (SPF, DKIM, DMARC) and optional relay support to improve deliverability and reduce spam classification.
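A check an admin could run against the SPF and DMARC records published for each hosted club domain, flagging settings that leave spoofed mail unenforced. This is an added example, not code from the project; it covers SPF and DMARC only (DKIM needs the selector name), and the domain and record strings are constructed sample data.

```python
# Added example: audit SPF and DMARC TXT records for weak settings.
# Domains and record strings are constructed sample data.

def audit_spf(txt):
    terms = [t.lower() for t in txt.split()]
    if terms[:1] != ["v=spf1"]:
        return ["not an SPF record"]
    findings = []
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls and not any(t.startswith("redirect=") for t in terms):
        findings.append("SPF: no 'all' term, unlisted senders get neutral")
    for t in alls:
        if t in ("all", "+all"):
            findings.append("SPF: +all authorizes every sender")
        elif t in ("?all", "~all"):
            findings.append("SPF: %s does not hard-fail unlisted senders" % t)
    return findings

def audit_dmarc(txt):
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    elif policy == "none":
        findings.append("DMARC: p=none requests no enforcement")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address for aggregate reports")
    return findings

def audit_domain(domain_txt, dmarc_txt):
    """domain_txt: TXT at the domain; dmarc_txt: TXT at _dmarc.<domain>."""
    spf = [r for r in domain_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) == 1:  # more than one SPF record is a permanent error
        findings = audit_spf(spf[0])
    else:
        findings = ["SPF: expected exactly one record, found %d" % len(spf)]
    dmarc = [r for r in dmarc_txt if r.replace(" ", "").startswith("v=DMARC1")]
    return findings + (audit_dmarc(dmarc[0]) if dmarc else ["DMARC: no record published"])

WEAK = audit_domain(["v=spf1 mx ~all"], ["v=DMARC1; p=none"])
STRICT = audit_domain(["v=spf1 mx -all"],
                      ["v=DMARC1; p=reject; rua=mailto:reports@club.example"])
```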
Purpose
This solution offers clubs full control over their communications, improves brand presence in external messaging, and eliminates recurring costs associated with managed email providers.
The OSEC Server Refresh was a transformative project that modernized our technical backbone while enhancing member training and club operations. It stands as a scalable foundation for future cybersecurity growth at UNF.