Practice Lab

Build A Lab

Setting up your AD lab

Blue Team Lab Tools

  • BlueCloud - Cyber Range deployment of HELK and Velociraptor! Automated Terraform deployment of one system running HELK + Velociraptor server with one registered Windows endpoint in Azure or AWS. A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small HELK + Velociraptor R&D lab.
  • Splunk Attack Range - An amazing attack research and training tool for those who Splunk. It allows you to create vulnerable, instrumented local or cloud environments, simulate attacks against them, and collect the data into Splunk.
    • Can be preloaded with data from Attack Data, or other data sets found in the Attack Research section of this guide.
  • DetectionLab - Automates the creation of a lab environment complete with security tooling and logging best practices.
  • WindowsAttackAndDefenseLab - This is the lab configuration for the Modern Windows Attacks and Defense class that Sean Metcalf and Jared Haight teach.
  • Invoke-UserSimulator - Simulates common user behavior on local and remote Windows hosts.
  • Invoke-ADLabDeployer - Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
  • ADImporter - A script that creates an arbitrary number of user accounts in a simulated AD environment for training and testing.
  • PowerShellClassLab - A set of Azure Resource Manager templates that generates an Active Directory lab consisting of a Domain Controller, two Windows servers and a Linux server.
  • SysmonSimulator - Sysmon event simulation utility that Blue teams can use to simulate attacks and generate Sysmon event logs for testing EDR detections and correlation rules.
  • The Windows 10 and Office 365 Deployment Lab Kit is designed to help you plan, test, and validate modern desktops running Windows 10 Enterprise and Microsoft 365 Enterprise apps, managed by Enterprise Mobility + Security. The lab kit is free to download and uses evaluation software.


Web Apps


Active Directory

  • PurpleCloud - It deploys a small Active Directory domain in Azure IaaS, using Terraform + Ansible. Joins three Windows 10 endpoints to a domain and includes a Linux Adversary.