This lab's purpose was to gain hands on experience setting up an Windows Active Directory environment and utilizing some blue team related tools, including: a SIEM (Splunk); Sysmon logging forwarded to Splunk, and more planned in future additions to this project. The overall general set up included setting up 4 virtual machines; 2 servers, 2 desktops. One server acting as the Splunk logger, one server acting as the windows Active Directory Domain Controller, one desktop acting as the target windows machine that will join the Active Directory environment and be attacked by the last virtual machine, a kali linux used to conduct attacks on the target windows machine.
- Gain hands-on experience setting up an Active Directory environment.
- Gain experience working with Splunk
- Gain experience forwarding logs, and generating/inspecting telemetry
- Deployed Splunk Universal Forwarder agents on multiple virtual machines to forward logs
- Splunk
- Atomic Red Team
- Windows Active Directory
- Mitre Attack Matrix
- Virtualization
- Sysmon Logging
Step One with image:
Step Two with image: