Projects
Homelab
August 2025
- Deployed and configured OPNsense as the main router and firewall, setting up VLANs, appropriate subnets, DHCP, and firewall rules to segment and secure homelab traffic.
- Utilized Proxmox to host virtual machines for labs and services, resource allocation, and snapshot management—accomplished utilizing LXC containers and KVM virtual machines.
- Created a SOC lab environment using Kali Linux for vulnerability assessment, a Windows target for exploitation, and the Wazuh stack for real-time detection and prevention.
- Configured OPNsense firewalling with strict baselines—ensuring inter-VLAN traffic is strict and within scope.
- Utilized WireGuard to secure sensitive traffic from self-hosted services to a VPS proxy—terminated with TLS 1.2/1.3 certificates.
VPS
August 2025
- Deployed a strict firewall policy: default-deny incoming, a strict iptables ruleset only allowing essential ports (non-standard IP-bound SSH port), with Tor service bound to localhost and isolated from public interfaces.
- Obtained an A+ SSL Labs Score, configured Let’s Encrypt TLS (TLS 1.2/1.3) with strong AEAD ciphers, implemented HSTS preload, instituted DNSSEC to prevent MITM attacks, and restrictive CAA policies to prevent rogue issuance.
- Secured Nginx with tight content security policies, method restrictions (GET/HEAD only), rate-limiting, appropriate header limits, and privacy-respecting security headers.
- Deployed kernel-level security via extensive sysctl settings, unused protocol and module blacklisting (modprobe blocklist), and AppArmor confinement for Nginx and Tor to limit post-exploit impact.
- Incorporated a strong chain of trust: a signed Tor mirror statement, mirrored public GPG keys, and SHA-512 checksum proofs—all implemented across DNS TXT records and a GitHub mirror.
Verification
# Web Hosting (Headers)
Clearnet: curl -vkI https://masontuckett.xyz
Tor Mirror: curl -vkI http://izsq26kus3oo53hia253f3cvk5m2g3bdqi4o4obevxucln6zm2xasaid.onion

# DNS
! Main Domain !
dig @9.9.9.9 masontuckett.xyz any +dnssec

! Self-Hosted Services !
dig @9.9.9.9 tuckettlab.xyz any +dnssec

! Email !
dig @9.9.9.9 tuckett.xyz any +dnssec

# Documentation
Write Up: https://github.com/masontuckett/home-lab
Volunteering
Active Mentorship
July 2025
- Following my role as an instructor in the Ken Garff Esports Summer Tech Track, I continued to mentor an outstanding student who showed exceptional curiosity in the cybersecurity field.
- To further his learning, I designed and implemented a home lab tailored around a loosely inspired real-world enterprise environment—reproducing and mirroring my personal configurations.
- I offered continuous support—guiding my mentee through the process of studying/obtaining foundational IT certifications, and exploring his area of interest (penetration testing).
- A fully air-gapped SOC lab was created in Proxmox—allowing my mentee to gain exposure to critical industry toolsets (SIEM/IDS/IPS - Wazuh).
- 802.1Q VLANs were implemented, ensuring a secure and realistic learning environment with appropriate WireGuard tunneling for public services.
- DNSSEC, CAA hardening, Nginx hardening (CSP/rate-limiting, UA gating), UFW firewalling, and MAC/sysctl tuning were utilized to ensure excellent availability and a reliable security posture.
Verification
# Web Hosting (Headers)
Clearnet: curl -vkI https://smithbarlow.xyz
Tor Mirror: curl -vkI http://v55dqkmukq7hl6hty5sn6wlbcfn6ldadxt3h4wuynb2dyonpu5hrcmyd.onion

# DNS
dig @9.9.9.9 smithbarlow.xyz any +dnssec

# Documentation
Post: https://masontuckett.xyz/posts/mentee-lab
Write Up: https://github.com/smithbarlow/Home-Lab