jfmaes/aws_mini_ad

aws_mini_ad

An Infrastructure as code proof of concept to deploy a bare minimum AD environment in AWS.

The infrastructure is built with Terraform and Ansible and is divided into a production and a dev environment. The dev environment starts from bare-bones, clean Windows AMI base images and requires Ansible to provision the environment; a sample playbook is provided. The prod environment spins up a preprovisioned (snapshotted) range that was provisioned with the Ansible playbooks in the dev folder. Several helper scripts are also available to create snapshots yourself, make AMIs public, and duplicate them across regions.

This repository now houses two workshops: a lateral movement detection workshop and a privesc workshop. The folder structure is similar between the two workshops.

To spin up the AWS AD environment you can use

python3 manager.py deploy -r <your region> -t <your version tag>

At this point in time, the following regions are supported: us-east-1, us-west-1, eu-west-1.

The version tag for the privesc workshop is v0.1. The version tag for the lateral movement workshop is v0.2.

There is a walkthrough with some demonstration attack paths in this range using Empire available here:

  • Privesc: https://logout.gitbook.io/ad-privesc-with-empire
  • Lateral Movement: https://logout.gitbook.io/lateral-movement-in-ad-with-empire

The lab environment consists of three domains:

  • sandbox.pwnzone.lab
  • pwnzone.lab
  • treasureisland.lab

There is 1 workstation in the domain:

  • ws01.sandbox.pwnzone.lab

The 3 domain controllers are:

  • sandbox-dc01.sandbox.pwnzone.lab
  • pwnzone-dc01.pwnzone.lab
  • treasure-dc01.treasureisland.lab

There is a bastion host that will provide an OpenVPN file to connect into the environment. This is the only entry point into the environment, as none of the other systems are provisioned with a public IP address in AWS.
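One way to verify after a deploy that only the bastion is reachable from the internet, as an added example that is not part of this repository: it audits JSON shaped like `aws ec2 describe-instances` output. The instance IDs, addresses and `Name` tag values are constructed, and `bastion` as the bastion's tag value is an assumption.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output.
# IDs, IPs and Name tags are made up; "bastion" as a tag value is an assumption.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"},
     "PublicIpAddress": "203.0.113.10",
     "Tags": [{"Key": "Name", "Value": "bastion"}]},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"},
     "Tags": [{"Key": "Name", "Value": "sandbox-dc01"}]}]},
  {"Instances": [
    {"InstanceId": "i-0ccc", "State": {"Name": "running"},
     "PublicIpAddress": "203.0.113.27",
     "Tags": [{"Key": "Name", "Value": "ws01"}]},
    {"InstanceId": "i-0ddd", "State": {"Name": "terminated"},
     "Tags": [{"Key": "Name", "Value": "treasure-dc01"}]}]}
]}
""")


def name_of(instance):
    """Return the Name tag value, falling back to the instance ID if untagged."""
    for tag in instance.get("Tags", []):
        if tag.get("Key") == "Name" and tag.get("Value"):
            return tag["Value"]
    return instance["InstanceId"]


def exposed_hosts(describe_output, allowed=("bastion",)):
    """List (name, public_ip) for live instances that have a public IP
    but are not on the allow-list of intended entry points."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") in ("terminated", "shutting-down"):
                continue  # instance is gone or going away
            ip = inst.get("PublicIpAddress")  # key is absent when no public IP
            if ip and name_of(inst).lower() not in allowed:
                findings.append((name_of(inst), ip))
    return sorted(findings)


if __name__ == "__main__":
    for name, ip in exposed_hosts(SAMPLE):
        print(f"UNEXPECTED public IP: {name} -> {ip}")
```

To audit a real deployment, replace `SAMPLE` with the parsed output of `aws ec2 describe-instances --region <your region>` and adjust `allowed` to the bastion's actual tag.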

An overview of credentials can be found in the files directory of the dev folder.

If you liked the workshop, consider registering for SANS SEC565: Red Team Operations and Adversary Simulation

https://www.sans.org/cyber-security-courses/red-team-operations-adversary-emulation/
