DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing. This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts.
NOTE: This lab has not been hardened in any way and runs with default vagrant credentials. Please do not connect or bridge it to any networks you care about. This lab is deliberately designed to be insecure; the primary purpose of it is to provide visibility and introspection into each host.
Also Read – Custom Header : Automatic Add New Header To Entire BurpSuite HTTP Requests
Primary Lab Features
\\wef\pslogs
Requirements
Quickstart
Building DetectionLab from Scratch
There are currently three ways to build the lab:
If you choose to use the boxes hosted on Vagrant Cloud, you may skip steps 2 and 3. If you don’t trust pre-built boxes, I recommend following steps 2 and 3 to build them on your machine.
cd
to the Packer directory and build the Windows 10 and Windows Server 2016 boxes using the commands below. Each build will take about 1 hour. As far as I know, you can only build one box at a time.$ cd detectionlab/Packer
$ packer build –only=[vmware|virtualbox]-iso windows_10.json
$ packer build –only=[vmware|virtualbox]-iso windows_2016.json
mv *.box ../Boxes
cd
into the Vagrant directory: cd ../Vagrant
and edit the Vagrantfile
. Change the lines cfg.vm.box = "detectionlab/win2016"
and cfg.vm.box = "detectionlab/win10
to cfg.vm.box = "../Boxes/windows_2016_<provider>.box"
and “cfg.vm.box = "../Boxes/windows_10_<provider>.box"
respectively. vagrant plugin install vagrant-reload
vagrant plugin install vagrant-vmware-desktop
.vagrant plugin license vagrant-vmware-desktop <path_to_.lic>
../build.sh
(Mac & Linux) or ./build.ps1
(Windows). This script will do the following:Vagrant
folder as vagrant_up_<host>.log
. If filing an issue, please paste the contents of that log into a Gist to help with debugging efforts. shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…