The OSEC Pentesting Lab was developed as a hybrid penetration testing and training environment to support the University of North Florida’s Cybersecurity Club. Its purpose was to prepare students for Collegiate Penetration Testing Competition (CPTC) tryouts, provide a platform for daily red team practice, and give me direct experience in deploying complex enterprise-style infrastructure.
I co-led this project with a teammate, Alex. Together, we built the lab from the ground up to replicate a corporate-scale environment, complete with Windows enterprise services, Linux-based infrastructure, routed subnets, and attacker workstations. The lab has been used by more than 40 students for training and competition preparation.
Hosted on an HP DL360P Gen8 server running Proxmox
Sixteen virtual machines plus two routers (OpenWRT, OPNsense)
Segmented network topology across three routed subnets: 10.0.0.0/24 (corporate), 10.0.200.0/24 (workstations), and 10.0.40.0/24 (attacker subnet)
Windows Server 2016 environment: Domain Controller, ADCS, six workstations, and a management server
Linux servers: LDAP, FTP, MySQL, and Jellyfin media server managed via XAMPP
Attack platforms: multiple Kali Linux VMs with penetration testing toolsets
OpenWRT router managing the corporate and management subnets
OPNsense router providing the link to the attacker subnet, with firewall rules and segmentation to ensure attacker isolation
BIOS incompatibility initially prevented the server from detecting drives
Thin provisioning broke SCP access and snapshots, requiring three full Proxmox reinstalls
NIC throughput limits and OPNsense consuming 20 GB of RAM under stress caused stability problems
No original machine credentials were available
Changing default ADCS credentials caused trust errors, breaking domain access
Linux machines required bootloader-level exploitation for root access
Active Directory required privilege escalation from a single standard account to restore control
Linux services needed reconfigured accounts and networking updates in XAMPP
Splunk deployment delayed by licensing and hardware needs
BloodHound failed in an air-gapped attacker environment until network access was enabled
Updated the BIOS, corrected the storage pool design, and replaced the NIC with higher-throughput hardware, stabilizing performance with 500+ concurrent clients
Built a staged snapshot pipeline (initial → networking → credentials → services → live) with plans for a reset automation script
Used the Utilman exploit on Windows and the GRUB CLI on Linux to gain access, then standardized admin accounts across machines for consistency
Escalated privileges in AD to fix domain access and introduced group policy misconfigurations for realistic pentesting scenarios
Configured Splunk forwarders across all systems (pending server deployment) and provided Kali internet access to support BloodHound
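The staged snapshot pipeline above lends itself to a scripted reset between training sessions. The following is an added example, not the lab's own script (which was still planned): it assumes it runs on the Proxmox host with the `qm` CLI, that each VM has snapshots named after the five stages, and that the VM IDs passed as arguments are hypothetical.

```shell
#!/bin/sh
# Added example: roll lab VMs back to one stage of the snapshot pipeline.
# Runs on the Proxmox host. Stage names are from the write-up; the VM IDs
# passed on the command line are hypothetical.
STAGES="initial networking credentials services live"

valid_stage() {
    for s in $STAGES; do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# Assumes the usual `qm listsnapshot` layout: "`-> NAME DATE TIME DESCRIPTION".
# Matching on the name column avoids false hits in snapshot descriptions.
has_snapshot() {
    qm listsnapshot "$1" 2>/dev/null |
        awk -v n="$2" '$1 == "`->" && $2 == n { found = 1 } END { exit !found }'
}

is_running() {
    qm status "$1" 2>/dev/null | grep -q 'running'
}

reset_vm() {
    vmid=$1 stage=$2
    if ! has_snapshot "$vmid" "$stage"; then
        echo "VM $vmid: no snapshot '$stage', left untouched" >&2
        return 1
    fi
    if is_running "$vmid"; then qm stop "$vmid" || return 1; fi
    qm rollback "$vmid" "$stage" || return 1
    # A snapshot taken with RAM state resumes the VM by itself.
    is_running "$vmid" || qm start "$vmid"
}

# reset_lab STAGE VMID...: keeps going past a failed VM, returns 1 if any failed.
reset_lab() {
    stage=$1; shift
    valid_stage "$stage" || { echo "unknown stage: $stage" >&2; return 2; }
    failed=0
    for vmid in "$@"; do
        reset_vm "$vmid" "$stage" || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

if [ "$#" -gt 0 ]; then reset_lab "$@"; fi
```

Invoked as `sh reset_lab.sh services 101 102`, it returns every listed VM to the `services` stage and skips any VM that lacks that snapshot instead of rolling it back to something else.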
Enabled 40+ students to train in penetration testing, defense, and incident response in a realistic environment
Created a repeatable and resilient environment with snapshot-based resets and future reset automation planned
Supported CPTC tryouts and training workshops with realistic enterprise services and vulnerabilities
Strengthened my own skills in deploying enterprise infrastructure, troubleshooting complex networking issues, and managing virtualized environments at scale
Proxmox VE • Windows Server 2016 (AD, ADCS, Workstations) • OpenWRT • OPNsense • Linux (LDAP, FTP, MySQL, Jellyfin) • Kali Linux • XAMPP • Splunk (in-progress)