red_team_attack_lab
BadBlood
red_team_attack_lab | BadBlood | |
---|---|---|
5 | 10 | |
476 | 1,906 | |
- | - | |
4.5 | 0.0 | |
12 months ago | 11 months ago | |
PowerShell | PowerShell | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
red_team_attack_lab
- Can anyone describe their red team infrastructure?
-
Non-Internet Connected IAC Range
There are some pretty solid examples like splunk attack range or detection lab available on GitHub. They leverage ansible, virtual box, and vagrant. My team used to use red team lab https://github.com/Marshall-Hallenbeck/red_team_attack_lab internally for demos, but has since moved to Snaplabs for the ease of deployment and cost. I can have a junior engineer spin up an entire Ad instance from a template in 5 minutes vs fighting virtual box and ansible to 2 days.
-
Active directory scripts for setting a lab?
Try this https://github.com/Marshall-Hallenbeck/red_team_attack_lab
-
Anyone have experience building a Windows AD lab environment in Docker?
Since you mention your in-depth ELK workflow, have you tried DetectionLab or Splunk's Attack Range? If you just want a fully working AD domain set up with various hosts, you can spin up the Red Team Attack Lab and then hook in your own logging stuff after it's built.
- Red Team Attack Lab for TTP testing & research
BadBlood
-
Powershell error message help from using Powerview.ps1
If you want to try more of this kind of stuff or explore what you can find with PowerSploit I can recommend running BadBlood on your DC (after taking a snapshot) https://github.com/davidprowe/BadBlood It creates a bunch of randomized users, groups, OUs, SPNs and stuff.
- Need to setup AD lab for praticing..
- Failed with 60 points (with Lab report) in first attempt
- Virtual AD environmnet to play with Bloodhound
- Active directory scripts for setting a lab?
-
Complex AD Lab
you may want to check out something like this. https://github.com/davidprowe/BadBlood
- BadBlood fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools...
- There was a resource I found a while ago, a GitHub repo with scripts for setting up vulnerable AD configurations for a home lab. Does anyone know the one?
- Active directory pen testing lab
-
Cybersecurity physical labs
take a look at https://github.com/microsoft/MSLab, you can install Hyper-V 2019 server and use the scenarios to create a lab to your liking. I'm using this approach to establish a stable/consistent starting point for an AD environment with OUs, computers, groups, and users generated randomly by https://github.com/davidprowe/BadBlood to gauge the differences in logging and detection fidelity between different EDR solutions.
What are some alternatives?
cervantes - Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.
vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
GOAD - game of active directory
AutomatedLab - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
passwordstate-decryptor - PowerShell script that decrypts password entries from a Passwordstate server.
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
WSLab - Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts
gitjacker - 🔪 :octocat: Leak git repositories from misconfigured websites
ADLab - Custom PowerShell module to setup an Active Directory lab environment to practice penetration testing.