chvancooten/CloudLabsAD chvancooten/CloudLabsAD

  • Stars
    star
    268
  • Rank 148,112 (Top 3 %)
  • Language
    Shell
  • License
    MIT License
  • Created about 2 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
chvancooten/CloudLabsAD
github

chvancooten

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Terraform + Ansible deployment scripts for an Active Directory lab environment.

Cloud Labs AD

By @chvancooten, Ansible role for Elastic Security deployment by @nodauf

Provisioning scripts for an Active Directory lab environment. Designed to be deployed to Azure using the Azure cloud shell.

Setup

The lab is provisioned automatically using Terraform and Ansible. First, Terraform deploys all the infrastructure and prepares the machines for provisioning. It then kicks off a role-based Ansible playbook from the Debian attacker machine to provision the Windows-based machines. The full process takes about 15 to 20 minutes to complete.

💸 Note: The machine sizes are moderately large by default ('Standard_B4ms'). In my testing the bill was approx. €10 per day of active use, your mileage may vary. Change the appropriate 'size' settings in terraform.tfvars to change machine sizes.

Deployment

  • Clone the repo to your Azure cloud shell. It conveniently has all you need (Terraform and an authenticated Azure provider). Alternatively, install and configure Terraform and the Azure provider yourself. Ansible is installed automatically as part of the provisioning process.
  • Copy terraform.tfvars.example to terraform.tfvars in the Terraform directory, and configure the variables appropriately.
  • In the same directory, run terraform init.
  • When you're ready to deploy, run terraform apply (or terraform apply --auto-approve to skip the approval check).

Once deployment and provisioning have finished, the output variables (public IP / DNS name, administrative passwords, machine names, etc.) will be displayed. You are now ready to connect to the labs!

Post-Deployment Configuration

  • If you want to use ADCS, you have to RDP to the DC and follow the post-deployment configuration steps to activate ADCS and the ADCS web enrolment endpoint. Make sure to enable the 'Certification Authority', 'Certification Authority Web Enrollment', and 'Certificate Enrollment Web Service' role services (you can leave the default settings otherwise).

Removal

  • When you're done with the labs, run terraform destroy to tear down the environment.

Labs

Lab overview

The labs consist of a selection of machines:

  • Windows Server 2016 DC
    • Active Directory Certificate Services (ADCS) installed
  • Windows Server 2019
    • Internet Information Services (IIS) web server with simple vulnerable app
  • Windows 10 client
  • Debian box with Elastic Endpoint Security
    • Elastic Agent is deployed to all Windows machines via Fleet
  • Debian attacker box

One public IP is exposed for the whole lab. The IP ranges defined in the ip-whitelist are allowed to access the following ports on this IP address, which are bound to the following services using a load balancer:

  • Port 22 -> Attacker machine SSH
  • Port 80 -> Windows Server 2019 IIS web server with vulnerable page
  • Port 3389 -> Windows 10 Client RDP

Another public IP is used for outbound Internet connectivity for all lab machines.

Wishlist

At a later point I might add the following:

  • Advanced logging configs on Windows
  • Exchange Server + Microsoft Office on Win10 machine

More Repositories

1

maldev-for-dummies

A workshop about Malware Development
Nim
1,385
star
2

follina.py

POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes
Smarty
1,119
star
3

OSEP-Code-Snippets

A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
C#
946
star
4

BugBountyScanner

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Shell
791
star
5

NimPlant

A light-weight first-stage C2 implant written in Nim.
Nim
675
star
6

NimPackt-v1

Nim-based assembly packer and shellcode loader for opsec & profit
Nim
427
star
7

OSCP-MarkdownReportingTemplates

Markdown reporting templates and Pandoc styling references to generate sleek reports for OSCP/PWK with little effort.
185
star
8

conferences

A collection of presentations and other contributions I have made to conferences.
27
star
9

nimbuild

A Docker container used to easily compile Nim binaries generated by my tools (NimPackt and NimPlant)
Dockerfile
12
star
10

homeassistant-googletokenretriever

A script for automatically retrieving Google Home API keys into Home Assistant
Shell
12
star
11

homeassistant-idasen-control

A Flask webhook-like wrapper to integrate IDÃ…SEN desk control into Home Assistant. Based on Python component by Rhyst.
Python
8
star
12

chvancooten.github.io

https://casvancooten.com
4
star
13

homeassistant

Home Assistant smart home configuration
Python
1
star