Every year our local lab chooses a handful of hands-on builds that teach core security skills, produce useful testbeds, and create shareable artifacts for the community. The best year-end projects are those that pair low-cost hardware with open software, are safe and lawful to run, and produce repeatable results participants can take home or extend. Below I outline six practical builds that work well for community labs, with quick parts lists, essential configuration notes, and tips for group work and ethics.
1) Raspberry Pi perimeter camera with motion detection Why it matters: Getting camera capture, eventing, and secure storage working end to end teaches fundamentals of image processing, low-power deployment, and operational hardening. Hardware: Raspberry Pi 4 or Zero 2 W, Pi Camera or USB camera, 16 GB+ microSD, optional IR illuminator and weatherproof housing. Recommended software: motionEye (or a current fork) to handle motion detection, recording, and alerts. motionEye packages motion and a web front end so teams can focus on tuning detection zones, recording retention, and secure remote access. A short workshop should cover changing default credentials, using SFTP or network storage for recordings, and running the camera behind a VPN rather than exposing it directly to the internet.
Quick build tips: pre-flash images for participants, provide a small parts kit with camera and PoE hat if available, and include a troubleshooting checklist for common issues like power, camera permissions, and network time sync.
2) RF monitoring bench with RTL-SDR and dump1090 Why it matters: Radio frequency awareness is a core skill for both physical and cyber security. A simple RTL-SDR dongle plus a Raspberry Pi becomes a powerful receiver for many signals. For aviation and low-altitude awareness projects use dump1090 and feed into community aggregators or local visualizers. The same SDR hardware and GNU Radio tools let participants explore spectrum waterfall displays, decode simple signals, and experiment with direction finding demonstrations.
Quick build tips: supply USB-powered RTL-SDR dongles, a small ground plane or quarter-wave antenna tuned for 1090 MHz, and prebuilt Raspberry Pi images with dump1090 installed. Include an exercise that shows the difference between raw waterfall views and decoded message outputs so participants understand signal to data mapping.
3) Open Drone ID receiver and safe drone awareness Why it matters: Remote ID is a growing part of UAS safety. The Open Drone ID ecosystem provides open libraries and receiver examples you can build into a learning node. Teams can assemble a receiver that listens for Bluetooth or Wi-Fi broadcast Remote ID messages and displays nearby drone telemetry on a local dashboard. That exercise teaches RF capture, protocol decoding, and data privacy considerations. Implementations and reference libraries are available as open source, making this an ideal community project for a lab.
Important legal and safety note: active interference or jamming of drone control or navigation signals is both dangerous and unlawful in most jurisdictions. Labs should emphasize detection and awareness only. For U.S. labs, federal guidance and enforcement history make clear that operation or sale of jammers is prohibited and that detection and reporting are the lawful, safe options. Teach participants how to use detection to inform operators or law enforcement rather than interfering with aircraft.
4) Network honeypot and telemetry capture (Cowrie) Why it matters: A small, controlled honeypot helps teams learn attacker behavior, logging, sample collection, and safe analysis practices. Cowrie is an SSH/Telnet honeypot widely used in research and instruction. A lab can host a sandboxed Cowrie instance, collect attack sessions, extract malware samples, and build dashboards that show live attack telemetry. This is practical, low-cost, and teaches data hygiene, legal boundaries for handling malware, and how to integrate deception into blue team exercises.
Quick build tips: run honeypots in isolated networks or VMs, automate sample transfers to a secured analysis VM, and include clear policies on handling and storing captured artifacts.
5) Sensor fusion with Home Assistant and MQTT Why it matters: Many community projects are most valuable when their outputs are consumable by other systems. Use MQTT as the glue between sensors, cameras, SDR decoders, and dashboards. Home Assistant provides an approachable UI and integration set for MQTT sensors, enabling teams to create correlated views like “door open plus motion plus RSSI anomaly”. Building MQTT pipelines teaches message design, secure broker configuration, and practical automation logic.
Quick build tips: include a small Mosquitto broker image for the lab, examples that publish JSON attributes, and exercises on access control and TLS for MQTT.
6) Post-mortem and reproducibility kit Why it matters: The real value of a community build is what others can reproduce. For each project prepare a concise kit: hardware list with part SKUs, a pre-flashed image or container, setup checklists, and a one-page runbook covering safety, legal constraints, and common faults. Encourage participants to document the small decisions they made. Version the kits in a shared repository so next year the lab can iterate.
Team structure and schedule Keep builds short and modular. Run a kickoff demo, then break groups into 2 to 4 person teams that pick a build. Allocate one evening for hands-on assembly and a second session for tuning, data collection, and short demos. Designate one person per team to maintain the lab repo and write the runbook entry. For mixed-skill groups pair less experienced builders with a mentor and keep pre-flashed images and prepared cables to avoid bottlenecks.
Ethics, law, and public-facing deployments Community labs often want to go from prototype to public deployment. Pause before you do. Obtain permissions if you plan to point cameras at public spaces. Do not run active RF countermeasures that could interfere with safety critical communications. Use detection and reporting workflows, not mitigation by interference. Finally, anonymize and minimize any personal data captured during exercises, and provide clear signposting to any collaborators who may be recorded in lab demonstrations.
Wrapping up Year-end builds are an opportunity to leave behind lasting, documented artifacts that raise local capability and curiosity. Choose projects that teach skills across sensing, decoding, logging, and safe policy. Make the outputs reproducible. Keep safety and legal compliance front and center. If your lab wants, I can prepare pre-flashed images and a parts shopping list for any two of these builds to use at your next session.