attack_range
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk (by splunk)
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time. (by davidprowe)
| attack_range | BadBlood | |
|---|---|---|
| 12 | 10 | |
| 1,965 | 1,906 | |
| 2.3% | - | |
| 7.7 | 0.0 | |
| 14 days ago | 11 months ago | |
| Jinja | PowerShell | |
| Apache License 2.0 | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
attack_range
Posts with mentions or reviews of attack_range.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-06-08.
-
Splunk core certification
My advice… Don’t rush. Study the material and get a good understanding of the fundamentals. Each certification builds on the previous ones. If Splunk is a path you want to pursue, build those fundamentals. Put in the reps in a lab. Download BOTS, attack range data sets. Take a look at Splunk & Machine Learning YouTube channel. His videos are fantastic and he maintains a GitHub repo so you can use the datasets to practice what you learned on the video.
- Is there any repository for sample raw audit logs for various software platforms?
- Need to setup AD lab for praticing..
-
Dataset I can test IDS/IPS tools against?
Somewhat related, but if you’re using splunk, you could use Splunk Attack Range which simulates attacks.
- learning splunk. is there a way to "play" with it?
-
Introducing Splunk Attack Range v2.0
hey I think you are looking at a older repo for the local attack_range, we have not maintained this .. the current Splunk Attack Range lives here: https://github.com/splunk/attack_range/
-
Anyone have experience building a Windows AD lab environment in Docker?
Since you mention your in-depth ELK workflow, have you tried DetectionLab or Splunk's Attack Range? If you just want a fully working AD domain set up with various hosts, you can spin up the Red Team Attack Lab and then hook in your own logging stuff after it's built.
-
Terraform and Ansible
This is a project I've contributed to at work. It's designed to launch & configure a lab environment for security researchers, but that's not too important. It has a python CLI that takes a configuration file. That config file determines what bits of Terraform and ansible are executed. The Terraform builds instances in AWS (or Azure) and all the associated bits, and then calls the ansible playbook to provision that type of host.
-
Cool security project using Splunk?
Attack range: https://github.com/splunk/attack_range
-
How-to build detection scenarios properly?
have a look at Splunk's Attack Range project, which automates Caldera and Atomic Red Team for these kinds of purposes. i think this might help you as you gauge visibility, rulesets, etc ... https://github.com/splunk/attack_range
BadBlood
Posts with mentions or reviews of BadBlood.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-27.
-
Powershell error message help from using Powerview.ps1
If you want to try more of this kind of stuff or explore what you can find with PowerSploit I can recommend running BadBlood on your DC (after taking a snapshot) https://github.com/davidprowe/BadBlood It creates a bunch of randomized users, groups, OUs, SPNs and stuff.
- Need to setup AD lab for praticing..
- Failed with 60 points (with Lab report) in first attempt
- Virtual AD environmnet to play with Bloodhound
- Active directory scripts for setting a lab?
-
Complex AD Lab
you may want to check out something like this. https://github.com/davidprowe/BadBlood
- BadBlood fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools...
- There was a resource I found a while ago, a GitHub repo with scripts for setting up vulnerable AD configurations for a home lab. Does anyone know the one?
- Active directory pen testing lab
-
Cybersecurity physical labs
take a look at https://github.com/microsoft/MSLab, you can install Hyper-V 2019 server and use the scenarios to create a lab to your liking. I'm using this approach to establish a stable/consistent starting point for an AD environment with OUs, computers, groups, and users generated randomly by https://github.com/davidprowe/BadBlood to gauge the differences in logging and detection fidelity between different EDR solutions.
What are some alternatives?
When comparing attack_range and BadBlood you can also consider the following projects:
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
red_team_attack_lab - Red Team Attack Lab for TTP testing & research
AutomatedLab - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
BlueTeam.Lab - Blue Team detection lab created with Terraform and Ansible in Azure.
GOAD - game of active directory
awesome-emulators-simulators - A curated list of software emulators and simulators of PCs, home computers, mainframes, consoles, robots and much more...
attack_range_local - Build a attack range in your local machine
WSLab - Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts
fakernet - A framework for quickly creating internet-like services for labs, exercises, and research.
ADLab - Custom PowerShell module to setup an Active Directory lab environment to practice penetration testing.
attack_range vs DetectionLab
BadBlood vs vulnerable-AD
attack_range vs red_team_attack_lab
BadBlood vs AutomatedLab
attack_range vs BlueTeam.Lab
BadBlood vs GOAD
attack_range vs awesome-emulators-simulators
BadBlood vs DetectionLab
attack_range vs attack_range_local
BadBlood vs WSLab
attack_range vs fakernet
BadBlood vs ADLab