Samuel Decarnelle

> about_me_

I am Samuel Decarnelle, a cybersecurity student based in France with a particular focus on offensive security and penetration testing. My interest in security did not begin in a classroom. It began with the kind of curiosity that leads you to take systems apart, understand every layer, and ask what happens when something is configured incorrectly.

I run Arch Linux on my personal machine not because it is fashionable, but because it demands that you understand your system completely. I self-host my infrastructure on a 5-node Proxmox cluster hosting over 50 assets, built as a collaborative red team training environment with two colleagues.

I believe that the best way to defend a system is to understand precisely how it can be broken.

50+ lab assets

5 proxmox nodes

6 network zones

3 collaborators

> homelab_infrastructure_

Enterprise-grade, high-availability, VLAN-segmented red team training environment.

architecture.txt

┌─────────────────────────────────────────────────────────────┐
│                        INTERNET                             │
└───────────────────────────┬─────────────────────────────────┘
                            │
┌───────────────────────────▼─────────────────────────────────┐
│              pfSense HA PAIR (WAN)                          │
│         VRRP VIP — Active / Passive Failover                │
└──────┬──────────┬──────────┬──────────┬──────────┬──────────┘
       │          │          │          │          │
  VLAN 50    VLAN 60    VLAN 70    VLAN 80    VLAN 90
  ADMIN       DMZ       PROD      PRE-PROD     SOC
       │          │          │          │          │
  ┌────┴───┐ ┌────┴───┐ ┌────┴───┐ ┌────┴───┐ ┌────┴───┐
  │Mgmt    │ │LB x2   │ │Web x2  │ │Web x2  │ │Wazuh x2│
  │Bastion │ │Bastion │ │AD  x2  │ │AD  x2  │ │Suricat.│
  │Arch PC │ │RevProxy│ │DB  x2  │ │DB  x2  │ │Shuffle │
  │        │ │VPN     │ │DNS x2  │ │DNS x2  │ │Zabbix  │
  │        │ │Mail x2 │ │DHCP x2 │ │DHCP x2 │ │Bastion │
  └────────┘ └────────┘ └────────┘ └────────┘ └────────┘
                            │
┌───────────────────────────▼─────────────────────────────────┐
│            PROXMOX CLUSTER — 5 NODES                        │
│     .249  /  .250  /  .251  /  .252  /  .253                │
│          Shared Network 192.168.40.0/24                     │
└─────────────────────────────────────────────────────────────┘

[VLAN 50 — ADMIN]

Management access, Arch Linux workstation, bastion host, administrative control plane.

[VLAN 60 — DMZ]

Load balancers, reverse proxies, VPN gateway, mail servers, public-facing bastion. Redundant pairs.

[VLAN 70 — PRODUCTION]

Web servers, Active Directory, databases, DNS, DHCP. Full HA with redundant pairs.

[VLAN 150 — PRE-PROD]

Apache testing, Windows Server 2025 with ADDS, DHCP testing environment.

[VLAN 90 — SOC]

Wazuh SIEM, Suricata IDS, Shuffle SOAR, Zabbix monitoring, OpenCTI threat intelligence.

[VLAN 255 — CYBER]

Isolated offensive security subnet. Legal red team target environment for penetration testing practice.

[view full documentation on github]

> skills_

[offensive security]

Penetration Testing Methodology
Network Exploitation
Privilege Escalation
Lateral Movement
Defense Evasion
Black Arch Linux

[infrastructure]

Proxmox VE (5-node cluster)
pfSense — HA, VLAN, VPN
VLAN Segmentation
WireGuard VPN
Load Balancing (HAProxy)
Active Directory (WS 2025)

[defensive / soc]

Wazuh SIEM
Suricata IDS
Shuffle SOAR
Zabbix Monitoring
OpenCTI
Fail2Ban

[systems]

Arch Linux — advanced
Ubuntu Server — hardening
Windows Server 2025
Bash Scripting
SSH Hardening
Kernel Parameter Tuning

[networking]

TCP/IP, DNS, DHCP
Firewall Rules (iptables, UFW)
Reverse Proxy (Nginx, Apache)
Network Monitoring
Cisco Packet Tracer
VRRP / Failover

[web / dev]

HTML / CSS / JavaScript
PHP
Git / GitHub
Self-hosting
Docker (learning)