Practice Lab

Build A Lab

• https://robertscocca.medium.com/building-an-active-directory-lab-82170dd73fb4

• https://serversforhackers.com/s/start-here

• https://kamran-bilgrami.medium.com/ethical-hacking-lessons-building-free-active-directory-lab-in-azure-6c67a7eddd7f

• Conda's Build a Lab Video Playlist

• SANS Webcast: Building Your Own Super Duper Home Lab - https://www.youtube.com/watch?v=uzqwoufhwyk

• BHIS | No SPAN Port? No Tap? No Problem! - John Strand - https://www.youtube.com/watch?v=EqjmZqa_Dho

• Threat Hunting in Elastic Stack: Building your Threat Hunting Lab - pg. 93

Setting up your AD lab

1. https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell/

2. https://www.youtube.com/watch?v=xftEuVQ7kY0

3. https://sethsec.blogspot.com/2017/05/pentest-home-lab-0x1-building-your-ad.html

4. https://www.fatrodzianko.com/2019/08/05/creating-an-active-directory-lab-in-aws/

5. Conda's AD Lab Video

6. https://blog.spookysec.net//ad-lab-2/ - Building your own AD Lab: Part 2 (2022)

Blue Team Lab Tools

• BlueCloud - Cyber Range deployment of HELK and Velociraptor! Automated terraform deployment of one system running HELK + Velociraptor server with one registered Windows endpoint in Azure or AWS. A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small HELK + Velociraptor R&D lab.

  • https://blue.iknowjason.io/

• Splunk Attack Range - An amazing attack research and training tool for those who Splunk. It is a tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk.

  • Can be preloaded with data from Attack Data, or other data sets found in the Attack Research section of this guide.

• DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices

• WindowsAttackAndDefenseLab - This is the lab configuration for the Modern Windows Attacks and Defense class that Sean Metcalf and Jared Haight teach.

• Invoke-UserSimulator - Simulates common user behavior on local and remote Windows hosts.

• Invoke-ADLabDeployer - Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.

• ADImporter - The purpose of the script is to create an arbitrary number of user accounts in a simulated AD environment for training and testing.

• PowerShellClassLab - This is a set of Azure Resource Manager Templates that generates an Active Directory lab consisting of a Domain Controller, two Windows servers and a Linux server.

• SysmonSimulator - Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.

• https://www.microsoft.com/en-us/evalcenter/evaluate-lab-kit - The Windows 10 and Office 365 Deployment Lab Kit is designed to help you plan, test, and validate modern desktops running Windows 10 Enterprise and Microsoft 365 Enterprise apps, managed by Enterprise Mobility + Security. The lab kit is free to download and uses evaluation software.

  • https://docs.microsoft.com/en-us/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-worldwide

Practice

• Awesome Lists Collection: Vulnerable

• Vulnerable By Design ~ VulnHub - Full VMs that you can download and pwn on your own local machine.

• https://github.com/Samsar4/Ethical-Hacking-Labs

Web Apps

• WebSploit - Web Penetration Testing Ethical Hacking Learning Environment

• GitHub - WebGoat/WebGoat: WebGoat is a deliberately insecure application

• DVWA - Damn Vulnerable Web Application

• https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application

• OWASP Broken Web Applications Project download | SourceForge.net

• Juice Shop - Insecure Web Application for Training | OWASP

• rapid7/hackazon: A modern vulnerable web app

• vegabird/xvna: Extreme Vulnerable Node Application

• itsecgames.com - bwapp, Buggy Web Application

• https://github.com/webpwnized/mutillidae

• https://www.mavensecurity.com/resources/web-security-dojo

• https://hack.me/

Server/Endpoint

• Zempirians Vulnerable VM platform - Pre-vulnerable environments and challenges for training the public to hack.

• https://metasploit.help.rapid7.com/docs/metasploitable-2

  • https://metasploit.help.rapid7.com/docs/metasploitable-2-exploitability-guide

• OWASP Serverless Goat

Cloud

• iam-vulnerable - Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.

Active Directory

• PurpleCloud - It deploys a small Active Directory domain in Azure IaaS, using Terraform + Ansible. Joins three Windows 10 endpoints to a domain and includes a Linux Adversary.

• GOAD - GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques.

Containers

• badPods - A collection of manifests that will create pods with elevated privileges.

  • https://bishopfox.com/blog/kubernetes-pod-privilege-escalation