Active Directory Project (Home Lab) | Intro

MyDFIR

4 Mar 202406:17

Summary

TLDRThis project series guides viewers in creating a home lab for learning Active Directory and IT security. Over five parts, participants will install Windows Server, Windows 10, Kali Linux, and Splunk using VirtualBox, allowing for hands-on experimentation. The series covers diagramming setups, configuring AD and Sysmon, and conducting Brute Force attacks while monitoring telemetry with Splunk. Viewers are encouraged to document their work for their portfolios and can expect additional resources, including a SOC course for deeper learning. Overall, this project offers a comprehensive, practical approach to building IT skills.

Takeaways

😀 Most organizations use Active Directory to manage resources like users, computers, and groups.
🛠️ The project series will guide you in building a home lab for both blue and red team activities.
📊 By the end of the series, you will have your own Active Directory environment and a Splunk instance for event ingestion.
💻 VirtualBox will be used to set up Windows Server 2022, Windows 10, Kali Linux, and Splunk, allowing for easy experimentation.
🔍 Part three focuses on installing and configuring Sysmon for logging and Splunk for querying telemetry.
⚙️ Active Directory configuration on Windows Server will be covered, including promoting it to a domain controller.
🔐 You will create new domain users and join a target PC to the newly created domain.
💥 Kali Linux will be used in the final part to perform a brute force attack, analyzing the generated telemetry with Splunk.
🔧 Troubleshooting guidance will be available for common errors encountered during the project.
🎓 A separate course will delve deeper into attack scenarios, alerts, reports, and dashboards using Splunk for aspiring SOC analysts.

Q & A

What is the main goal of the project series described in the video?
-The main goal is to help participants build a home lab environment to learn about Active Directory, Splunk, and security practices, including both blue and red team perspectives.
What software and tools will participants use during the project?
-Participants will use Windows Server 2022, Windows 10, Kali Linux, Splunk, and Ubuntu Server, all set up in VirtualBox.
Why is it recommended to create a diagram for the project?
-Creating a diagram helps visualize the network setup, which is useful for interviews where candidates may be asked to explain or secure their architecture.
What is the significance of Sysmon in this project?
-Sysmon is used for logging purposes, which helps in capturing and analyzing telemetry data within the Splunk instance.
What kind of attack will be demonstrated in the final part of the series?
-The final part will demonstrate a brute force attack on a domain user account, showcasing the telemetry generated in Splunk.
How can participants troubleshoot issues they encounter during the project?
-Participants are encouraged to research errors they encounter and ask questions in the comments section, as others may have faced similar issues.
What additional resources are offered for those interested in learning more about Splunk?
-Participants are directed to Splunk's documentation and free training videos for further learning on creating alerts, reports, and dashboards.
What is Atomic Red Team, and how will it be used in this project?
-Atomic Red Team is a collection of test scenarios designed to simulate attacks; it will be used to demonstrate the telemetry generated during security assessments.
How does this project benefit both red and blue team perspectives?
-Red team members can practice attack techniques, while blue team members can focus on detection and alert creation using the telemetry generated during the attacks.
Is there a follow-up course available for participants after completing the project?
-Yes, there will be a paid course that goes into more detail on attack scenarios, alerts, reports, and dashboards in Splunk for aspiring or current SOC analysts.