Vagrant AD Lab builder for log-based detection research and development
- any recent 4-core / 8-thread CPU should work
- 16 GB of RAM should be fine too
- install virtualbox, vagrant
- get a humio cloud account/ingest key
- run: git clone https://github.com/BoredHackerBlog/LogDetectionLab
- run: cd LogDetectionLab
- edit winlogbeat.yml
- run: vagrant up
- walk away for like 30 minutes
- to destroy the lab, run: vagrant destroy -f
- for host-to-guest port forwarding configuration, check the Vagrantfile
- user vagrant is on all the machines, login with vagrant / vagrant
- create-users.ps1 has more user info
- check the commit history to see what I fixed
- invoke-atomicredteam does get installed on workstation1 but Defender will remove some files.
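Before running `vagrant up`, a small pre-flight script can confirm the requirements listed above. This is an added example, not a script from the LogDetectionLab repo; it assumes a Linux host for the CPU/RAM probes and that winlogbeat.yml sits in the repo root.

```shell
#!/bin/sh
# Pre-flight check to run before "vagrant up" (added example, not repo code).
# Thresholds are the README's minimums: 8 hardware threads and 16 GiB of RAM.
# Host probing assumes Linux (nproc, /proc/meminfo); the check functions take
# plain numbers so they can be exercised on any system.

MIN_THREADS=8
MIN_RAM_GIB=16

# enough_resources THREADS RAM_GIB -> 0 when both meet the README minimums
enough_resources() {
  [ "$1" -ge "$MIN_THREADS" ] && [ "$2" -ge "$MIN_RAM_GIB" ]
}

# have_tools -> 0 when vagrant and VirtualBox's VBoxManage are both on PATH
have_tools() {
  command -v vagrant >/dev/null 2>&1 && command -v VBoxManage >/dev/null 2>&1
}

# config_present FILE -> 0 when the winlogbeat config exists and is non-empty
config_present() {
  [ -s "$1" ]
}

# host_threads / host_ram_gib -> probe the current host; 0 when unknown
host_threads() { nproc 2>/dev/null || echo 0; }
host_ram_gib() {
  kib=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null)
  echo $(( ${kib:-0} / 1024 / 1024 ))
}

# lab_preflight REPO_DIR -> 0 only if every check passes; reports each one
lab_preflight() {
  dir="${1:-.}"; rc=0
  if enough_resources "$(host_threads)" "$(host_ram_gib)"; then
    echo "ok   cpu/ram meet README minimums"
  else
    echo "FAIL need >=$MIN_THREADS threads and >=$MIN_RAM_GIB GiB RAM"; rc=1
  fi
  if have_tools; then echo "ok   vagrant and VBoxManage found"
  else echo "FAIL install VirtualBox and Vagrant first"; rc=1; fi
  if config_present "$dir/winlogbeat.yml"; then
    echo "ok   winlogbeat.yml present (edit it with your Humio ingest key)"
  else echo "FAIL $dir/winlogbeat.yml missing"; rc=1; fi
  return "$rc"
}

# Usage: sh preflight.sh /path/to/LogDetectionLab && vagrant up
[ $# -gt 0 ] && lab_preflight "$1"
```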
VMware version of the project: https://github.com/BoredHackerBlog/LogDetectionLabVMWare if you'd like to use that instead of VirtualBox
resources I used to help me build this (there could be more that I missed. I had too many tabs open)
https://github.com/clong/DetectionLab
https://github.com/cyberdefenders/DetectionLabELK
https://github.com/jckhmr/adlab
https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
https://defensiveorigins.com/trainings/
https://www.blackhillsinfosec.com/training/applied-purple-teaming-training/
https://app.vagrantup.com/StefanScherer
https://app.vagrantup.com/kalilinux/boxes/rolling
https://github.com/redcanaryco/atomic-red-team
https://github.com/redcanaryco/invoke-atomicredteam
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon