Active Directory Project (Home Lab) | Part 1

MyDFIR

6 Mar 202411:06

Summary

TLDRThis video is the first part of a five-part series on building a functional Active Directory domain environment from scratch. Viewers will learn to install and configure Active Directory, Splunk, and Windows machines. The video focuses on diagram creation and logical lab setup, including hardware requirements, while encouraging problem-solving skills during lab errors. Using draw.io, the presenter demonstrates how to visually map out a network, connecting servers, computers, and other components. The session aims to boost confidence in discussing technical setups during interviews, paving the way for more complex installations in future parts.

Takeaways

😀 The project aims to build a fully functional domain environment from scratch, including Active Directory and Splunk setup.
🛠️ Participants may encounter errors during the labs, encouraging them to enhance their research skills.
📝 Creating a logical diagram for the lab setup is crucial for understanding data flow and network architecture.
💻 Recommended hardware includes at least 16 GB of RAM and 250 GB of disk space for optimal performance.
🖥️ The diagramming tool suggested is draw.io, which is free and user-friendly for creating network diagrams.
🔗 Essential components in the diagram include Splunk and Active Directory servers, a target Windows machine, and an attacker machine (Kali Linux).
🌐 The diagram should clearly indicate connections between devices, including a switch and router for network management.
📡 Data forwarding to the Splunk server will be represented with dotted lines in the diagram.
🔍 Sysmon and Splunk Universal Forwarder will be installed on the target and Active Directory servers to collect and send telemetry data.
🚀 Upcoming parts of the series will cover the installation of tools and components, with opportunities to expand the setup with additional security features.

Q & A

What is the primary goal of the Active Directory project series?
-The primary goal is to build a fully functional domain environment from scratch, focusing on Active Directory, Splunk, and Windows machines.
Why is creating a diagram important in this project?
-Creating a diagram helps understand how data flows within the network and assists in preparing for interviews, where you might be asked to diagram a lab setup.
What tool is recommended for diagramming the network setup?
-The narrator recommends using draw.io, as it is free and easy to access.
What are the minimum hardware requirements for the lab?
-The ideal requirements are at least 16 GB of RAM and 250 GB of disk space to prevent slow performance and issues during setup.
What types of machines will be included in the lab setup?
-The lab will include two servers (one for Splunk and one for Active Directory) and two computers (one target Windows 10 machine and one Kali Linux attacker machine).
How will data flow from the target and servers to Splunk?
-Data will be forwarded from the Active Directory server and target machine to the Splunk server using Splunk Universal Forwarders.
What kind of IP addresses are assigned to the machines in the diagram?
-The Splunk server will have an IP of 192.168.10.10, the Active Directory server will have 192.168.10.20, the target machine will receive a DHCP-assigned IP, and the attacker machine will have 192.168.10.250.
What additional tools will be installed on the target machine?
-The target machine will have Sysmon for telemetry and Atomic Red Team for generating test data.
What is the significance of using dotted lines in the diagram?
-Dotted lines indicate the forwarding of logs from the target and Active Directory servers to the Splunk server.
What will part two of the series cover?
-Part two will focus on the installation of the various components needed to set up the lab environment.