I worked with Connor East and Seraphim Gerber on a capstone focused on automated virtual lab deployment and malware remediation inside an isolated Proxmox environment. The lab is treated as infrastructure as code, allowing repeatable enterprise-style deployments, controlled malware testing, and automated cleanup and recovery.
The goal is to reduce remediation time, improve artifact removal accuracy, and demonstrate a scalable alternative to manual incident response. The project is still actively being developed and refined, with continued improvements to automation, detection, and validation workflows.
Lab Architecture Overview
The lab is built with strict network segmentation to safely support malware testing and automation.
Home Network
Acts as the outbound gateway and hosts the physical hardware used for virtualization and deployments.
Management Network
Hosts all control services, including VPN access, Ansible automation, Semaphore, Active Directory, and Pi-hole. This network controls all deployments and remediation workflows.
Deployment Networks
Three isolated environments are deployed using Ansible scripts, each simulating a real-world organization such as a school, small business, or government entity. This allows malware behavior and remediation effectiveness to be tested across different infrastructure designs.
Malware Testing and Remediation Workflow
Malware is executed inside isolated virtual machines for a fixed time window. Artifacts are collected before and after execution, then automated playbooks are used to clean the system and restore it to a known-good state. Cleanup is verified through rescanning and integrity checks.
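The before/after collection, cleanup and verification loop described above, as an added illustration that is not the capstone's own playbooks. It models the workflow on a local directory tree so it runs offline: a baseline is captured before execution, a second scan classifies what was dropped, tampered with or deleted, remediation reverts those paths to the baseline, and a rescan confirms the tree matches hash for hash. The "malware" side effects are constructed file changes, not a real sample; in the lab the same steps would run over a VM's filesystem from Ansible (an assumption about how it would be wired in).

```python
"""Before/after artifact diff, cleanup and integrity verification (added example)."""
import hashlib
import tempfile
from pathlib import Path


def _regular_files(root: Path):
    """Yield regular files under root, skipping symlinks so a planted link
    cannot pull content from outside the scanned tree."""
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            yield p


def hash_tree(root: str) -> dict[str, str]:
    """Map each file (path relative to root) to its SHA-256 hex digest."""
    root_path = Path(root)
    return {
        str(p.relative_to(root_path)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in _regular_files(root_path)
    }


def capture_baseline(root: str) -> dict[str, bytes]:
    """Known-good copy of every file's contents, taken before the sample runs."""
    root_path = Path(root)
    return {str(p.relative_to(root_path)): p.read_bytes() for p in _regular_files(root_path)}


def diff_snapshots(before: dict[str, str], after: dict[str, str]) -> dict[str, list[str]]:
    """Classify post-execution changes as added, modified or removed paths."""
    return {
        "added": sorted(p for p in after if p not in before),
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
        "removed": sorted(p for p in before if p not in after),
    }


def remediate(root: str, baseline: dict[str, bytes], changes: dict[str, list[str]]) -> None:
    """Delete dropped artifacts; restore tampered or deleted files from the baseline."""
    root_path = Path(root)
    for rel in changes["added"]:
        (root_path / rel).unlink()
    for rel in changes["modified"] + changes["removed"]:
        target = root_path / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(baseline[rel])


def verify_clean(root: str, baseline: dict[str, bytes]) -> bool:
    """Rescan and confirm the tree matches the baseline hash for hash."""
    expected = {rel: hashlib.sha256(data).hexdigest() for rel, data in baseline.items()}
    return hash_tree(root) == expected


def run_demo() -> tuple[dict[str, list[str]], bool]:
    """Constructed scenario: build a tree, simulate an infection, clean, verify."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "bin").mkdir()
        (r / "bin" / "service.exe").write_bytes(b"legit service")
        (r / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (r / "readme.txt").write_bytes(b"hello")

        baseline = capture_baseline(root)
        before = hash_tree(root)

        # Constructed side effects standing in for a sample's execution window:
        (r / "bin" / "dropper.dll").write_bytes(b"payload")    # dropped artifact
        (r / "hosts").write_bytes(b"0.0.0.0 update.example\n")  # tampered config
        (r / "readme.txt").unlink()                             # deleted file

        after = hash_tree(root)
        changes = diff_snapshots(before, after)
        remediate(root, baseline, changes)
        return changes, verify_clean(root, baseline)


if __name__ == "__main__":
    found, clean = run_demo()
    print(found)
    print("restored to known-good state:", clean)
```

Two design points matter when this is lifted onto a real VM. The baseline must come from the golden image, never from the host after the sample has had a chance to run, or the check silently blesses whatever the sample left behind. And a filesystem hash comparison is only one integrity check: registry keys, services, scheduled tasks and in-memory state need their own before/after collection, so the rescan step in the lab should combine several such checks rather than trust this one.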
What This Demonstrates
• Infrastructure automation and deployment
• Malware analysis and remediation workflows
• Secure network segmentation
• Ongoing development and iteration