Showing posts from May, 2017

Pentest Home Lab - 0x1 - Building Your AD Lab on AWS

In Pentest Home Lab - 0x0 - Building a virtual corporate domain, we talked about why you would want to build your own AD pentest lab, where you can build it (cloud vs on-premises options), and the pros and cons of each option. This post covers building your lab on AWS. Even if you have a lab at home, setting up a small second home lab on AWS is a worthwhile exercise. You'll learn a lot about AWS in the process.

The series so far:
Pentest Home Lab - 0x0 - Building A Virtual Corporate Domain
(This post) Pentest Home Lab - 0x1 - Building Your AD Lab on AWS
Pentest Home Lab - 0x2 - Building Your AD Lab on Premises using Proxmox VE
Pentest Home Lab - 0x3 - Kerberoasting: Creating SPNs so you can roast them

Table of Contents
What are we going to build?
Creating your AWS instances
Instance #1: This will be the Domain Controller
Instance #2: This will be Workstation01
Disable IE Enhanced Security Configuration
Instances #3 & #4 (Optional) Create security

Pentest Home Lab - 0x0 - Building a virtual corporate domain

Whether you are a professional penetration tester or want to become one, having a lab environment that includes a full Active Directory domain is really helpful. There have been many times where in order to learn a new skill, technique, exploit, or tool, I've had to first set it up in an AD lab environment. Reading about attacks and understanding them at a high level is one thing, but I often have a hard time really wrapping my head around something until I've done it myself.

Take Kerberoasting for example: Between Tim's talk a few years back, Rob's posts, and Will's post, I knew what was happening at a high level, but I didn't want to try out an attack I'd never done before in the middle of an engagement. But before I could try it out for myself, I had to first figure out how to create an SPN. So off to Google I went, and then off to the lab:

I set up MSSQL on a domain-connected server in my home lab
I created a new user in my AD
I created a