SethSec

In Pentest Home Lab - 0x0 - Building a virtual corporate domain , we talked about why you would want to build your own AD pentest lab, where you can build it, and the pros and cons of each option. In Pentest Home Lab - 0x1 - Building Your AD Lab on AWS , we walked through setting up a fully functional home lab in AWS. In this third installment, I'm going to walk through setting up a pentest active directory home lab in your basement, closet, etc.  I'll be using Proxmox VE, an open source virtualization environment (aka hypervisor) similar to Vmware ESXi or Citrix XEN. The series so far: Pentest Home Lab - 0x0 - Building A Virtual Corporate Domain  (This post) Pentest Home Lab - 0x1 - Building Your AD Lab on AWS Pentest Home Lab - 0x2 - Building Your AD Lab on Premises using Proxmox VE Pentest Home Lab - 0x3 - Kerberoasting: Creating SPNs so you can roast them Table of Contents What are we going to build? Example server specs Let's talk about networ...

Whether you are a professional penetration tester or want to be become one, having a lab environment that includes a full Active Directory domain is really helpful. There have been many times where in order to learn a new skill, technique, exploit, or tool, I've had to first set it up in an AD lab environment. Reading about attacks and understanding them at a high level is one thing, but I often have a hard time really wrapping my head around something until I've done it myself.  Take Kerberoasting for example: Between Tim's talk a few years back ,   Rob's posts , and Will's post , I knew what was happening at a high level, but I didn't want to try out an attack I'd never done before in the middle of an engagement. But before I could try it out for myself, I had to first figure out how to create an SPN. So off to Google I went, and then off to the lab: I set up MSSQL on a domain connected server in my home lab I created a new user in my AD I created a...