Practice Lab
Build A Lab
SANS Webcast: Building Your Own Super Duper Home Lab - https://www.youtube.com/watch?v=uzqwoufhwyk
BHIS | No SPAN Port? No Tap? No Problem! - John Strand - https://www.youtube.com/watch?v=EqjmZqa_Dho
Threat Hunting in Elastic Stack: Building your Threat Hunting Lab - pg. 93
Setting up your AD lab
https://blog.spookysec.net//ad-lab-2/ - Building your own AD Lab: Part 2 (2022)
Blue Team Lab Tools
BlueCloud - Cyber range deployment of HELK and Velociraptor. A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small HELK + Velociraptor R&D lab: one system running the HELK + Velociraptor server with one registered Windows endpoint, in Azure or AWS.
Splunk Attack Range - An amazing attack research and training tool for those who Splunk. It is a tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk.
Can be preloaded with data from Attack Data, or other data sets found in the Attack Research section of this guide.
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
WindowsAttackAndDefenseLab - This is the lab configuration for the Modern Windows Attacks and Defense class that Sean Metcalf and Jared Haight teach.
Invoke-UserSimulator - Simulates common user behavior on local and remote Windows hosts.
Invoke-ADLabDeployer - Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
ADImporter - The purpose of the script is to create an arbitrary number of user accounts in a simulated AD environment for training and testing.
PowerShellClassLab - This is a set of Azure Resource Manager Templates that generates an Active Directory lab consisting of a Domain Controller, two Windows servers and a Linux server.
SysmonSimulator - Sysmon event simulation utility that blue teams can use to simulate attacks and generate Sysmon event logs for testing EDR detections and correlation rules.
https://www.microsoft.com/en-us/evalcenter/evaluate-lab-kit - The Windows 10 and Office 365 Deployment Lab Kit is designed to help you plan, test, and validate modern desktops running Windows 10 Enterprise and Microsoft 365 Enterprise apps, managed by Enterprise Mobility + Security. The lab kit is free to download and uses evaluation software.
Practice
Vulnerable By Design ~ VulnHub - Full VMs that you can download and pwn on your own local machine.
Web Apps
itsecgames.com - bWAPP, a buggy web application
Server/Endpoint
Zempirians Vulnerable VM platform - Pre-vulnerable environments and challenges for training the public to hack.
Cloud
iam-vulnerable - Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
Active Directory
PurpleCloud - Deploys a small Active Directory domain in Azure IaaS using Terraform + Ansible. Joins three Windows 10 endpoints to the domain and includes a Linux adversary.
GOAD - A pentest Active Directory lab project. Its purpose is to give pentesters a ready-to-use vulnerable Active Directory environment for practicing the usual attack techniques.
Containers
badPods - A collection of manifests that will create pods with elevated privileges.