There are many good cyber security learning systems out there, such as Hack The Box, TryHackMe, and Blue Team Labs to name a few, but I still believe hands-on work in a live (live lab, anyway) environment is the best way to learn.
Why Active Directory? First, according to a quick search, multiple sources report that 90-95% of Fortune 500 companies still use Active Directory to some extent. Second, identity systems are a prime target for attackers because of the access and ability to pivot they offer.
So let's look at what it takes to set up a cyber lab where we can use real red and blue team tools in an Active Directory environment. We don't need a whole lot: just a basic network (to keep this safely isolated), a Domain Controller, a workstation, and our tools (attacker/defender) system. As for the network, I strongly recommend that it be isolated from any other network, be it a production network or even your home network.
The Software
This is where the magic really is. Virtualization allows us to build an entire network with servers and clients, all in software, on just one computer. We will need a bit more hardware than the absolute minimum for basic computing. For software, I will be using Oracle's VirtualBox. This is a freely available type 2 hypervisor (meaning it runs on top of an existing operating system). Not only is it free for our use, it is also available for Windows, macOS, and Linux.
The Hardware
Just about any Intel or AMD based computer from the last 10 years should work as long as it has an SSD and 12 or more gigabytes of RAM. There are some Intel CPUs that don't support virtualization. They are pretty uncommon, but if you buy a used system you may want to do a bit of research first.
Here is how you can check whether an Intel CPU supports VT-x:
https://www.intel.com/content/www/us/en/support/articles/000005486/processors.html
The host I will be using is a cheap Intel N100 based system I've had for a bit. It is a 4 core, 4 thread system with 12GB of RAM. This could just as easily be an existing or cheap used system. You will want at least 4 threads, 12GB of RAM, and an SSD. This could be done with 8GB of RAM, but you will probably have to be selective about which VMs are running; you may not need both the client and tools VMs active at the same time.
Again, you don't need expensive hardware. Brand-new systems with the same CPU and even more RAM can be had for under $150 US. Used systems off eBay or from your local thrift store could cost even less.
Host
- Windows 10 Home Standard
- 4 core 4 thread Intel N100
- 12GB of RAM
- 512GB NVMe SSD
- Single 1Gbps NIC
- WiFi 5
Network Diagram
As you can see, this will be a very simple and, yes, flat network. I will be using the network 172.16.254.0/24. You can use something else, but it needs to be from the private ranges described in RFC 1918 and shouldn't overlap with any networks your host will connect to.
IEEE RFC 1918 for reference https://datatracker.ietf.org/doc/html/rfc1918
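An added example, not part of the original post: a small Python check that a planned lab subnet sits inside one of the RFC 1918 blocks and does not overlap any network the host connects to. The host networks passed in at the bottom are constructed sample values; replace them with the addresses your own host reports.

```python
import ipaddress

# The three private IPv4 blocks defined in RFC 1918.
RFC1918_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_lab_network(lab_cidr, host_cidrs):
    """Return a list of problems with lab_cidr; an empty list means it is usable."""
    try:
        # strict=True rejects input with host bits set, e.g. 172.16.254.1/24
        lab = ipaddress.ip_network(lab_cidr, strict=True)
    except ValueError as exc:
        return [f"{lab_cidr}: not a valid network ({exc})"]
    if lab.version != 4:
        return [f"{lab}: RFC 1918 only covers IPv4"]

    problems = []
    # Explicit block test: ipaddress's is_private also accepts loopback,
    # link-local and other ranges that are not RFC 1918 space.
    if not any(lab.subnet_of(block) for block in RFC1918_BLOCKS):
        problems.append(f"{lab}: not inside an RFC 1918 private range")

    for cidr in host_cidrs:
        # strict=False lets you paste an interface address such as 192.168.1.23/24
        other = ipaddress.ip_network(cidr, strict=False)
        if other.version == 4 and lab.overlaps(other):
            problems.append(f"{lab}: overlaps host network {other}")
    return problems


if __name__ == "__main__":
    # Constructed sample: a home Wi-Fi address and a VPN range on the host.
    host_networks = ["192.168.1.23/24", "10.8.0.0/24"]
    for candidate in ("172.16.254.0/24", "192.168.1.0/24", "172.32.0.0/24"):
        issues = check_lab_network(candidate, host_networks)
        print(candidate, "OK" if not issues else issues)
```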
Let's look at what we will need for the resources on each VM. All in, we are looking at 6GB of RAM and up to 116GB of storage; this will be dynamic, so the disk files will only grow as needed.
CPU: we are going to be oversubscribed (more assigned than we actually have). This is not as big of a deal on the CPU, since we won't be pushing multiple VMs very often, but it will be slow when we do.
RAM,
Disk,6
Gateway
- 1 CPU
- 512MB of RAM
- 16GB Disk
Domain Controller
- 2 CPU
- 1,536MB of RAM
- 30GB Disk
Workstation
- 2 CPU
- 2,048MB of RAM
- 30GB Disk
Kali
- 2 CPU
- 2,048MB of RAM
- 30GB Disk