Samuel Decarnelle

> about_me_

I am Samuel Decarnelle, a cybersecurity student based in France with a particular focus on offensive security and penetration testing. My interest in security did not begin in a classroom. It began with the kind of curiosity that leads you to take systems apart, understand every layer, and ask what happens when something is configured incorrectly.

I run Arch Linux on my personal machine not because it is fashionable, but because it demands that you understand your system completely. I self-host my infrastructure on a 5-node Proxmox cluster hosting over 50 assets, built as a collaborative red team training environment with two colleagues.

I believe that the best way to defend a system is to understand precisely how it can be broken.

50+ lab assets

5 proxmox nodes

6 network zones

3 collaborators

> homelab_infrastructure_

Enterprise-grade, high-availability, VLAN-segmented red team training environment.

architecture.txt

  ┌─────────────────────────────────────────────────────────────┐
  │                        INTERNET                             │
  └───────────────────────────┬─────────────────────────────────┘
                              │
  ┌───────────────────────────▼─────────────────────────────────┐
  │                   pfSense HA PAIR (WAN)                     │
  │            VRRP VIP — Active / Passive Failover             │
  └──────┬──────────┬─────────────┬──────────┬──────────┬───────┘
         │          │             │          │          │
      VLAN 50    VLAN 60       VLAN 70    VLAN 80    VLAN 90
       ADMIN       DMZ          PROD     PRE-PROD      SOC
         │          │             │          │          │
    ┌────┴───┐ ┌────┴──────┐ ┌────┴───┐ ┌────┴───┐ ┌────┴──────┐
    │Mgmt    │ │LB x2      │ │Web x2  │ │Web x2  │ │Wazuh x2   │
    │Bastion │ │Bastion x2 │ │AD  x2  │ │AD  x2  │ │Suricat x2 │
    │Arch PC │ │RevProxy x2│ │DB  x2  │ │DB  x2  │ │Shuffle x2 │
    │        │ │VPN x2     │ │DNS x2  │ │DNS x2  │ │Zabbix x2  │
    │        │ │Mail x2    │ │DHCP x2 │ │DHCP x2 │ │Bastion x2 │
    └────────┘ └───────────┘ └────────┘ └────────┘ └───────────┘
                                 │
  ┌──────────────────────────────▼──────────────────────────────┐
  │                  PROXMOX CLUSTER — 5 NODES                  │
  │           .249  /  .250  /  .251  /  .252  /  .253          │
  │                Shared Network 192.168.40.0/24               │
  └─────────────────────────────────────────────────────────────┘

[VLAN 50 — ADMIN]

Management access, Arch Linux workstation, bastion host, administrative control plane.

[VLAN 60 — DMZ]

Load balancers, reverse proxies, VPN gateway, mail servers, public-facing bastion. Redundant pairs.

[VLAN 70 — PRODUCTION]

Web servers, Active Directory, databases, DNS, DHCP. Full HA with redundant pairs.

[VLAN 150 — PRE-PROD]

Apache testing, Windows Server 2025 with ADDS, DHCP testing environment.

[VLAN 90 — SOC]

Wazuh SIEM, Suricata IDS, Shuffle SOAR, Zabbix monitoring, OpenCTI threat intelligence.

[VLAN 255 — CYBER]

Isolated offensive security subnet. Legal red team target environment for penetration testing practice.

[view full documentation on github]

> skills_

[offensive security]

Penetration Testing Methodology
Network Exploitation
Privilege Escalation
Lateral Movement
Defense Evasion
Black Arch Linux

[infrastructure]

Proxmox VE (5-node cluster)
pfSense — HA, VLAN, VPN
VLAN Segmentation
WireGuard VPN
Load Balancing (HAProxy)
Active Directory (WS 2025)

[defensive / soc]

Wazuh SIEM
Suricata IDS
Shuffle SOAR
Zabbix Monitoring
OpenCTI
Fail2Ban

[systems]

Arch Linux — advanced
Ubuntu Server — hardening
Windows Server 2025
Bash Scripting
SSH Hardening
Kernel Parameter Tuning

[networking]

TCP/IP, DNS, DHCP
Firewall Rules (iptables, UFW)
Reverse Proxy (Nginx, Apache)
Network Monitoring
Cisco Packet Tracer
VRRP / Failover

[web / dev]

HTML / CSS / JavaScript
PHP
Git / GitHub
Self-hosting
Docker (learning)