Homelab – Install Windows 10 in Proxmox

As part of my Dark Arts Saga – EDR Evasion, I have the need to host multiple images of Windows 10, Windows 11 and other Systems. For the purpose of writing, automating and maintaining Evasive Malware I need to host multiple versions of Windows VMs. Here a short list of the different VMs that I host for this purposes:

Defenseless VM (stripped of all Security Products, Defender, Smart Screen… etc).
Fully Updated and Patched Clean Windows 10.
Fully Updated and Patched Clean Windows 11.
Defenseless VM with Compilation, Reverse Engineer and Debugging Toolkit.
Instrumentation VM with custom Detection Tooling to assest footprint of the malware.
Variation VMs with Administration Escalation Possibilities, EDR File Exception, or Hiding places such as Python, or WSL.

The problem with Cloud Labs

In this day and age, the default option should be cloud. However, running Windows Desktop in Cloud Environment is very brittle and almost forbidden. I’m not sure if its a remnant of the “Old” Windows licensing ways, or a fact that Virtualization is better supported for Windows Server 2016, but most cloud providers will not support Windows Desktop or want you to use a Windows Desktop for a Windows Server version with multitenant.

While using Nested Virtualization for some suppliers is possible, is such a huge administrative pain, I decided some time ago to cash out some money to get a Decent Virtualization lab. For someone going down the same route, I recommend look into some old server Hardware in Ebay on the 300$ Range. Despite the times my recommendations stay the same:

Dell R620 (with 196GB of RAM + SSDS).
HP Z800 Workstation (128GB of RAM + SSDS).

For people able to host the Rack mount format I recommend the 620, for people that can host a Tower format I recommend the Z800. I went for the Z800 myself and is what I currently use to host my lab.