Active Directory Project (Home Lab)

Learn Active Directory: Understand the fundamentals of Active Directory setup, administration, and how it functions within a domain environment.
Build a hands-on testing environment: Create a simulated environment to practice and experiment with Active Directory and related security concepts.
Gain IT experience: Build technical skills that are valuable for both blue team (defenders) and red team (attackers) scenarios.

Components:

Windows Server 2022:: Acts as the domain controller, hosting the Active Directory service.
Windows 10/11:: Represents a target machine within the domain that will be subject to attacks and monitoring.
Splunk:: A SIEM (Security Information and Event Management) system to collect and analyze logs from the Windows machines.
Sysmon:: A logging utility installed on the Windows machines to gather more detailed telemetry.
Kali Linux:: A penetration testing distribution used to simulate attacks against the lab environment.
Atomic Red Team:: A framework for testing attacks, providing pre-built attack scenarios.

Setup: VirtualBox is used to create virtual machines for each component, allowing the entire setup to run on a single computer.
Active Directory: Windows Server 2022 is configured as a domain controller, managing users, computers, and groups in the simulated domain. The Windows 10 machine is joined to this domain.
Logging: Sysmon is installed on the Windows machines to provide detailed event logs. Splunk is configured to receive these logs.
Attack Simulation: Kali Linux is used to launch attacks against the domain environment (e.g., brute-force attacks). Atomic Red Team is used for more advanced attack scenarios.
Defense and Analysis: Splunk gathers logs from the attack activity. You learn to analyze data in Splunk for security monitoring and incident response.