It’s Getting Hot In The Lab…
Over the past couple of days I’ve been building out the lab that will host most of the tool demonstrations and exploit walkthroughs presented on this blog. The setup is beautifully simple: a Windows Active Directory domain with several joined workstations of varying OS versions and patch levels. The lab will at least loosely mimic some key aspects of a typical corporate Windows environment and will allow for lateral movement and privilege escalation scenarios across the domain.
As you’ll quickly notice upon reviewing the listing of lab machines below, there is a definite theme to this blog (got to keep it fun, right?!). The Domain Controller is named DANTE and the respective Domain is INFERNO. As in, Dante’s Inferno… *awaits applause* Each workstation is named after a deadly sin (for example, an unpatched XP machine is appropriately named SLOTH). 🙂
Machine configurations, such as firewall and antivirus settings, will change over time to support specific demonstrations. Again, any constructive feedback is appreciated, and stay tuned for my first demonstration!
INFERNO Domain Lab Machines:
DANTE – Windows Server 2008 R2 (Domain Controller/DNS)
GREED – Windows 7 64-bit (SP1 fully patched)
ENVY – Windows 7 64-bit (pre-SP1 unpatched)
WRATH – Windows XP 32-bit (SP3 fully patched)
SLOTH – Windows XP 32-bit (pre-SP1 unpatched)
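As an added example (this is not code from the original post), the PowerShell below builds the layout listed above: an unattended promotion of DANTE to the root of a new INFERNO forest, joining a workstation to it, and an inventory query against the resulting computer objects that reports each host’s service pack, which is a quick way to confirm the patch levels claimed in the list. Server 2008 R2 has no ADDSDeployment module, so promotion goes through dcpromo with an answer file. The DNS name inferno.local, the DC address 10.0.0.1, the adapter name and the passwords are assumptions; the post only gives the NetBIOS domain name INFERNO and the host names.

```powershell
# --- Step 1: run on DANTE (Windows Server 2008 R2) ---
# Writes a dcpromo answer file and promotes the box to the first DC of a new
# forest. inferno.local and the DSRM password are assumed lab-only values.
function New-InfernoForest {
    param(
        [string]$DnsName      = 'inferno.local',    # assumed; post gives only NetBIOS name
        [string]$NetBiosName  = 'INFERNO',
        [string]$DsrmPassword = 'Lab-DSRM-Pa55!'    # assumed; Directory Services Restore Mode
    )
    # ForestLevel/DomainLevel 4 = Windows Server 2008 R2. Functional level does not
    # restrict which client OS versions can join, so the XP boxes are unaffected.
    $answer = @"
[DCINSTALL]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=$DnsName
DomainNetBiosName=$NetBiosName
ForestLevel=4
DomainLevel=4
InstallDNS=Yes
DatabasePath=C:\Windows\NTDS
LogPath=C:\Windows\NTDS
SYSVOLPath=C:\Windows\SYSVOL
SafeModeAdminPassword=$DsrmPassword
RebootOnCompletion=Yes
"@
    $path = Join-Path $env:TEMP 'dcpromo-inferno.txt'
    Set-Content -Path $path -Value $answer -Encoding ASCII
    # The answer file holds the DSRM password in cleartext; dcpromo blanks that line
    # once it has read it, but delete the file after the reboot anyway.
    & dcpromo.exe /unattend:$path
}

# --- Step 2: run on GREED / ENVY (Windows 7, stock PowerShell 2.0) ---
# The client must resolve the domain through DANTE's DNS before it can join.
function Join-InfernoDomain {
    param(
        [string]$DnsName   = 'inferno.local',          # assumed
        [string]$DcAddress = '10.0.0.1',               # assumed address of DANTE
        [string]$Adapter   = 'Local Area Connection'   # assumed adapter name
    )
    netsh interface ip set dns "$Adapter" static $DcAddress
    $cred = Get-Credential -Credential 'INFERNO\Administrator'
    # Add-Computer exists in PowerShell 2.0, but its -Restart switch only arrived
    # in 3.0, so reboot explicitly.
    Add-Computer -DomainName $DnsName -Credential $cred
    Restart-Computer -Force
}

# --- Step 2 (alternative): WMI join for WRATH (XP SP3 with PowerShell 2.0 installed) ---
# SLOTH (pre-SP1 XP) cannot run PowerShell at all; there the same
# Win32_ComputerSystem.JoinDomainOrWorkgroup call can be made from VBScript.
function Join-InfernoDomainWmi {
    param(
        [string]$DnsName  = 'inferno.local',          # assumed
        [string]$User     = 'INFERNO\Administrator',
        [string]$Password
    )
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    # Flags: 1 = NETSETUP_JOIN_DOMAIN, 2 = NETSETUP_ACCT_CREATE
    $result = $cs.JoinDomainOrWorkgroup($DnsName, $Password, $User, $null, 3)
    if ($result.ReturnValue -ne 0) {
        throw "Domain join failed with Win32 error $($result.ReturnValue)"
    }
    Restart-Computer -Force
}

# --- Step 3: run on DANTE after the workstations have rebooted ---
# Lists every computer object with the OS and service pack the client reported,
# so GREED should show "Service Pack 1" and ENVY nothing, WRATH "Service Pack 3"
# and SLOTH nothing.
function Get-InfernoInventory {
    Import-Module ActiveDirectory
    Get-ADComputer -Filter * -Properties OperatingSystem, OperatingSystemServicePack, LastLogonDate |
        Select-Object Name, OperatingSystem, OperatingSystemServicePack, LastLogonDate |
        Sort-Object Name
}
```

OperatingSystemServicePack only reflects the service-pack level the client wrote to its own computer object at join time, not individual hotfixes, so it confirms the SP column of the list above but says nothing about which post-SP patches are missing on ENVY or SLOTH.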
David W Millar
Hey Jonathan,
Three questions:
1 – Are these bare-metal installations? Virtualized? What is the network topology?
2 – Do you use any configuration management tools for your setup? It might be overkill for your purposes, but it might also be pretty sweet if anyone could clone a GitHub repo and stand up a clone of your lab with minimal effort. I mostly use Ansible and Docker these days. Ansible’s Windows support has become very mature recently:
* http://www.ansible.com/
* http://docs.ansible.com/ansible/intro_windows.html
* http://docs.ansible.com/ansible/list_of_windows_modules.html
3 – The most boring question: Did you need to purchase full-fledged individual licenses for these boxes, or are you aware of any more limited licenses for the express purpose of research / education / testing? I’ve used the Microsoft ‘modern ie’ VMs in combination with some tooling ( https://github.com/xdissent/ievms and https://github.com/xdissent/iectrl ), but these are very IE-testing-centric VMs that require care and feeding.
Jonathan
David,
Currently, the lab is virtualized and the topology is flat. I do aim to add some complexity in the future with various network devices; however, that’s a little bit off.
I will definitely take a look at your suggestions going forward!
– J