As my home network grows, I’ve been trying to tighten down the security and separate devices/VMs/containers into VLANs and hide them behind reverse proxies and security gateways.
That being said, I would love to hear what approaches folks use to pen test their self-hosted environments to find any holes/leaks.
nmap will do a good job of handling incoming connections; fairly restrictive router firewall rules and logs/Grafana metrics keep an eye on what goes out.