Hi, this page is where I will keep my notes on building out infrastructure that can be used for testing techniques and newly released tools.

Lab Environment

Deploy Walled Garden network architecture setup

  • External Firewall
  • VPN Gateway to Internal Network

Windows AD - Red Forest

1 x DC (bll-dc01) - WSUS/SCCM [] - [GPO Done for entire domain to push updates]

1 x WSUS Server - SCCM

1 x Windows 10 (1809)

1 x DNS Server (Windows Server 2016/2019)

1 x DHCP Server (Windows Server 2016/2019) - disable DNS forwarding etc. in pfSense and configure the resolver; put on the same box as the DNS server

1 x Firewall/VPN Router (Security Appliance) - (Check Point)

1 x logging server [Management box - logging etc]

1 x Mail server (Exchange server)

  • Or E5 trial

1 x File server (DFS)

1 x MS Advanced Threat Analytics

1 x SQL Server

System Administration Tools

Useful system admin tools, which could be used in the lab environment:

  • https://psappdeploytoolkit.com/

Security Controls

1 x GPO Hardening - AppLocker

1 x LAPS (management box)

1 x GPOs disabling legacy features? [SMB]; LLMNR still needs disabling (Responder mitigation)

1 x Logging

  • other blue team techniques
  • Anomaly detections
  • Memory forensics

Hardware, Networking and Virtualisation

1 x Hyper-V Server (x2 physical network interfaces)

Hyper-V Server

All VMs run within Hyper-V, with Veeam used for backing up and restoring VMs.

1 x Firewall/VPN Router (Security Appliance) - (Check Point) (Physical)

Automated User Simulation

Configure sheepl from SpiderLabs

https://github.com/SpiderLabs/sheepl

Fictitious Organisation

The infrastructure environment will aim to simulate a typical bank, with relevant users and applications.

We can create different goals, such as obtaining access to source code for applications from the Development department.

Company = bankinglab.local (BLL)

AD Structure

Y x Forests (region based, e.g. UK, US) - uk.bankinglab.local, us.bankinglab.local

  • Forest Trust
    • Bi-directional trusts
  • P x Parent and child domains

Alternatively, use a single domain and split UK and US with AD Sites and Services plus separate OUs, applying GPOs to objects within the AD sites.

Computer Name Structure

OU Structure

Each OU could be broken down by department etc., but this may result in unnecessary management overhead.

  • User Structure:
    • Retail Banking
    • Commercial Banking
    • IT/Security
    • Development
    • HR
    • Finance/Payroll
    • Legal and Compliance
    • Marketing
  • Computer Structure:
    • Development Servers
    • Production Servers
    • Per department computer container

  • AD Groups for departments
  • Allow users to only log on to department-specific computers?

Considerations:

  • GPO settings
  • Delegation of permissions

Departments

  • Retail Banking
  • Commercial Banking
  • IT/Security
    • Line Manager
  • Development
    • Line Manager
  • HR
    • Line Manager
  • Finance/Payroll
    • Line Manager
  • Legal and Compliance
  • Marketing
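The OU structure and Departments lists above can be built out in one go. The following is an added example, not part of the original notes: it creates user OUs, per-department computer containers and department security groups in bankinglab.local using the AD DS PowerShell module. The top-level OU names ("BLL Users", "BLL Computers", "BLL Groups") and the replacement of "/" with "-" in department names are assumptions for this example, and it assumes it runs as a domain admin from a box with RSAT installed.

```powershell
Import-Module ActiveDirectory

# Lab domain from the notes; everything is created under its root.
$DomainDN = (Get-ADDomain -Identity 'bankinglab.local').DistinguishedName

# Departments from the notes. '/' is replaced by '-' in OU names because it
# needs escaping in distinguished names (naming assumption, not from the notes).
$Departments = @(
    @{ Name = 'Retail Banking';       LineManager = $false },
    @{ Name = 'Commercial Banking';   LineManager = $false },
    @{ Name = 'IT-Security';          LineManager = $true  },
    @{ Name = 'Development';          LineManager = $true  },
    @{ Name = 'HR';                   LineManager = $true  },
    @{ Name = 'Finance-Payroll';      LineManager = $true  },
    @{ Name = 'Legal and Compliance'; LineManager = $false },
    @{ Name = 'Marketing';            LineManager = $false }
)

# Idempotent OU creation: returns the OU's DN whether it was new or existing.
function New-LabOU {
    param([string]$Name, [string]$Path)
    $dn = "OU=$Name,$Path"
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$dn'")) {
        New-ADOrganizationalUnit -Name $Name -Path $Path -ProtectedFromAccidentalDeletion $true | Out-Null
    }
    return $dn
}

# Idempotent global security group creation inside the given OU.
function New-LabGroup {
    param([string]$Name, [string]$Path)
    if (-not (Get-ADGroup -Filter "Name -eq '$Name'")) {
        New-ADGroup -Name $Name -GroupScope Global -GroupCategory Security -Path $Path | Out-Null
    }
}

# Top-level containers: users, computers and groups (assumed names).
$UsersOU     = New-LabOU -Name 'BLL Users'     -Path $DomainDN
$ComputersOU = New-LabOU -Name 'BLL Computers' -Path $DomainDN
$GroupsOU    = New-LabOU -Name 'BLL Groups'    -Path $DomainDN

# Server containers from the "Computer Structure" list.
foreach ($srv in 'Development Servers', 'Production Servers') {
    New-LabOU -Name $srv -Path $ComputersOU | Out-Null
}

# One user OU, one computer container and the department groups per department;
# departments marked with a Line Manager in the notes also get a managers group.
foreach ($d in $Departments) {
    New-LabOU -Name $d.Name -Path $UsersOU     | Out-Null
    New-LabOU -Name $d.Name -Path $ComputersOU | Out-Null
    New-LabGroup -Name "$($d.Name) Users" -Path $GroupsOU
    if ($d.LineManager) { New-LabGroup -Name "$($d.Name) Line Managers" -Path $GroupsOU }
}
```

The per-department computer containers are the natural link targets for the "Allow log on locally" GPO if the department-only logon idea is pursued.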

Building out the AD Environment

Most likely this environment will be torn down and rebuilt, but for now a DC will be created with one forest for the UK site, and possibly child domains for development and business. In future, a Red Forest will be designed to delegate administration more appropriately.

The DC for the UK site will have the following roles:

  • AD
  • DNS
  • DHCP - per subnet?

Networking and Subnetting

bll-dc01 - bankinglab.local domain controller

bll-fw01 - pfSense firewall

bll-fs01 - MS File Server (DFS)

bll-sccm01 - MS update server (WSUS/SCCM)

bll-atd01 - MS Advanced Threat Analytics

bll-sql01 - SQL Server (not sure what this will be used for yet)

bll-log01 - Central logging server

bll-mg01 - Management box for LAPS and EDR solution?

bll-ex01 - Exchange server