Folks,
Hello. I hope this finds you doing well. This post is Day 3 of Active Directory Security for Cyber Security Experts.
Today, I'm making available a special Active Directory Security lab virtual machine, which we built to help organizations and experts worldwide learn advanced Active Directory Security and Privileged Access, and which everyone can download for free.
An Active Directory Security Lab VM
Over the next thirty to sixty days, I'll be teaching the world how to correctly audit privileged access in Active Directory (AD), and to help everyone learn, follow and try it out for themselves, I had a special AD Security VM custom-built for everyone.
This is a free, instantly downloadable, custom-built VM running Windows Server 2019, complete with -
- Over 1000 security principals, including domain user accounts, computer accounts and security groups
- Over 3000 objects including GPOs, service connection points, print queues and managed service accounts
- Over 30 custom real-world administrative delegations provisioned across over 200 organizational units (OUs)
- Over 150,000 Active Directory security permissions spanning over 3000 Active Directory access control lists (ACLs)
- Custom permissions in the AdminSDHolder ACL, as well as on the domain root object, where the replication extended rights that govern Mimikatz DCSync are granted
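Because the domain root ACL is where DCSync-enabling replication rights live, a natural first check in this lab is to list every principal that holds them. The following PowerShell is an added example, not code from the original post or from Paramount Defenses; it assumes it is run inside the lab VM as CORP\Administrator on the domain controller, where the ActiveDirectory module (and its AD: drive) is available, and the extended-right GUIDs it uses are the standard schema values for the three replication control access rights.

```powershell
# Added example (not from the original post): enumerate who holds the
# replication extended rights on the domain root that Mimikatz DCSync relies on.
# Assumes: run in the lab VM as CORP\Administrator, ActiveDirectory module present.
Import-Module ActiveDirectory

# rightsGuid values of the replication controlAccessRight objects in the AD schema.
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}

function Get-DomainReplicationRightHolders {
    param([string]$DomainDN = (Get-ADDomain).DistinguishedName)   # e.g. DC=corp,DC=local

    $acl = Get-Acl -Path "AD:\$DomainDN"
    foreach ($ace in $acl.Access) {
        # Only an Allow ACE that includes ExtendedRight (GenericAll includes it) can grant replication.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not ($ace.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)) { continue }

        # An all-zero ObjectType means "every extended right", which covers all three replication rights.
        $isAllRights = ($ace.ObjectType -eq [Guid]::Empty)
        $guid = $ace.ObjectType.ToString()
        if ($isAllRights -or $ReplRights.ContainsKey($guid)) {
            [pscustomobject]@{
                Identity  = $ace.IdentityReference.Value
                Right     = if ($isAllRights) { 'All Extended Rights' } else { $ReplRights[$guid] }
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Get-DcSyncCapablePrincipals {
    param([string]$DomainDN = (Get-ADDomain).DistinguishedName)
    $byIdentity = Get-DomainReplicationRightHolders -DomainDN $DomainDN | Group-Object Identity
    foreach ($g in $byIdentity) {
        $rights = $g.Group.Right
        # A full DCSync of every account needs Get-Changes plus Get-Changes-All (or all extended rights).
        if ('All Extended Rights' -in $rights -or
            ('DS-Replication-Get-Changes' -in $rights -and 'DS-Replication-Get-Changes-All' -in $rights)) {
            $g.Name
        }
    }
}

# Usage: the full ACE listing, then the principals that can actually run DCSync.
Get-DomainReplicationRightHolders | Sort-Object Identity, Right | Format-Table -AutoSize
Get-DcSyncCapablePrincipals
```

Expect the built-in holders (Domain Controllers, for example) alongside whatever custom entries this lab places on the domain root. The output names principals exactly as they appear in the ACE, so a security group listed here must still be expanded (for instance with Get-ADGroupMember -Recursive) to find the accounts that can exercise the right through nesting.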
Active Directory Security Scenarios
Today organizations worldwide need to know how to adequately secure and defend their foundational Active Directory deployments from compromise, especially how to deal with specific advanced Active Directory Security scenarios.
This custom-built Active Directory Security lab VM contains specifically implemented examples of many such advanced Active Directory Security scenarios -
- How to correctly audit privileged access (the "Keys to the Kingdom") in Active Directory
- How to correctly assess, verify and lockdown privileged access in Active Directory
- How to attain and maintain Least Privileged Access (LPA) in Active Directory
- How to perform Privileged Account Discovery (PAD) in Active Directory
- How to correctly assess various Active Directory Security solutions
- How to uncover stealthy admins in Active Directory
- How to identify sneaky persistence in Active Directory
- How to prevent the spread of ransomware via Active Directory
- How to identify (thousands of) privilege escalation paths in Active Directory
- How to eliminate serious risks posed by BloodHound, Mimikatz DCSync, etc.
Over the next few days, I will walk through crystal-clear examples of each of these scenarios in this lab VM and show how to identify them, helping everyone learn how to address the same scenarios in real-world ADs.
Fulfilling Active Directory Focused Privileged Access Management (PAM) Audit Needs
Organizations worldwide also need to correctly fulfill Privileged Access Management (PAM) audit requirements involving Active Directory, so I'll also show you how to fulfill such requirements easily and correctly.
- How to correctly audit who has what privileged access in and across the entire Active Directory (i.e. domain-wide)
- How to correctly audit who has what privileged access on a specific Active Directory object (e.g. the CEO's/CFO's domain user account, the Domain Admins security group, the domain root, a specific OU, AdminSDHolder etc.)
Today, unfortunately, most organizations and auditors do not know how to correctly do so, so this should be equally helpful.
Real-World Active Directory Contents
This AD Security lab VM contains a Windows Server 2019 powered Active Directory forest, corp.local, for a fictional multi-national corporation headquartered in the USA with worldwide operations across the Americas, Europe, the Middle East and Asia.
It has an elaborate, real-world like organizational unit (OU) hierarchy that includes well over 200 OUs, across which realistic, custom administrative delegations have been provisioned for various IT security groups such as Help Desk.
Real-World Privileged Access / Administrative Delegations
This AD Security lab VM has also been custom-configured with over two dozen real-world administrative delegations, implemented for over two dozen domain security groups across this fictional domain, just like in the real world.
In particular, privileged/administrative access has been carefully delegated/provisioned in this Active Directory for domain user account (identity) management, security group (access) management, computer (host) management, group policy management etc. just like it is done at most organizations in the real-world, both directly, and via group nesting.
Administrative tasks that have been delegated include account creations (provisioning), object deletions, password resets, account expirations, group membership changes, access control (ACL) modifications, group policy (GPO) linking, and so on.
Download Point
This custom-built Active Directory Security lab VM is free for everyone to use, and it can be instantly downloaded from HERE.
Its file size is 7,729,720,905 bytes (7.21 GB) and its MD5 hash is 390c9597a2568cd0f5f64b48b9c81f20.
Step-by-step directions on how to download and get started with this VM in less than five minutes are provided below.
Getting Started
It takes less than five (5) minutes to get started, and here are step-by-step instructions on how to do so -
1. Download this free Active Directory Security Virtual Machine from here.
2. Download and install the free version of VMware Workstation Player from here.
3. Unzip the VM to extract the "AD Security" folder.
4. Create a "Virtual Machines" folder in "My Documents".
5. Move the unzipped "AD Security" folder into the "Virtual Machines" folder.
6. Launch VMware Workstation Player and select "Open a Virtual Machine".
7. Point it to the "AD Security.vmx" file in the "My Documents\Virtual Machines\AD Security" folder.
8. Then select the "AD Security VM" and click the play button to start it.
9. At the logon screen, log in as "CORP\Administrator" (the password is provided below).
10. Open a command prompt and enter "slmgr /rearm" to rearm the Windows license, then restart the VM.
That's it. Log in as Administrator, then open the "Start here" text file located on the desktop (in the VM) to become acquainted with the contents of this VM, after which you can launch Active Directory Users and Computers (ADUC) to begin exploring the AD's contents.
- Note: In step 8 above, you may (or may not) need to change the working directory for the VM. Should you need to do so, click "Edit Virtual Machine Settings," select the "Options" tab, and under "General" settings, locate the "Working Directory" text box on the right-hand side and modify it.
- Please do NOT change any contents of this VM yet, especially any security permissions or domain security group memberships as I will be walking you through numerous specific examples, and if the permissions or group memberships have been changed, your results will not be the same.
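Before unzipping a 7 GB download, it is worth confirming that it arrived intact and that you have the version the rest of this series refers to. The following PowerShell is an added example, not code from the original post; it checks the archive against the published size and MD5 for both the 2021 and original 2020 versions, then extracts it into the "Virtual Machines" folder described above. The archive file name ("AD Security.zip" in Downloads) and the assumption that the zip contains a top-level "AD Security" folder are mine, not stated by the post.

```powershell
# Added example (not from the original post): verify the lab VM download against the
# published size and MD5, then unzip it where the Getting Started steps expect it.
$Archive = "$env:USERPROFILE\Downloads\AD Security.zip"   # assumed file name
$VmRoot  = "$env:USERPROFILE\Documents\Virtual Machines"

# Values published in the post: the current (2021) version and the original (2020) one.
$Known = @(
    @{ Version = '2021'; Bytes = 7729720905; MD5 = '390c9597a2568cd0f5f64b48b9c81f20' }
    @{ Version = '2020'; Bytes = 7747920663; MD5 = '80be4b771485303f069a63f8eb7b4c9e' }
)

function Test-VmArchive {
    param([string]$Path)
    $item = Get-Item -LiteralPath $Path
    # MD5 is what the post publishes; it catches a truncated or corrupted download,
    # which is the failure mode you actually hit with a file this size.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    foreach ($k in $Known) {
        if ($item.Length -eq $k.Bytes -and $hash -ieq $k.MD5) {
            return $k.Version
        }
    }
    return $null
}

$version = Test-VmArchive -Path $Archive
if (-not $version) {
    throw "Size/MD5 of '$Archive' match neither published version; re-download before using it."
}
Write-Host "Archive matches the $version version of the lab VM."

# Extract into the folder the Getting Started steps use, then confirm the .vmx is where
# VMware Workstation Player will be pointed.
New-Item -ItemType Directory -Path $VmRoot -Force | Out-Null
Expand-Archive -LiteralPath $Archive -DestinationPath $VmRoot
$Vmx = Join-Path $VmRoot 'AD Security\AD Security.vmx'
if (-not (Test-Path -LiteralPath $Vmx)) {
    throw "Expected '$Vmx' after extraction; check the archive layout (assumed a top-level 'AD Security' folder)."
}
Write-Host "Open '$Vmx' in VMware Workstation Player."
```

If the check reports the 2020 version, the later walkthroughs in this series may not line up exactly with what you see, since the March 2021 VM is the one the current download link, size and hash describe.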
Password
You will need the password for the Administrator account to login to this virtual machine.
The case-sensitive password for the Administrator account is: ParamountDefenses!
If you're having problems logging in, feel free to send me a message on LinkedIn.
Summary
Today, Active Directory is the foundation of IT, cyber security and privileged access at 85% of organizations worldwide.
Over the next month, I'll be helping millions of IT and Cyber Security professionals worldwide gain this valuable skill, and the remaining lessons over the next 30 to 60 days will all refer to examples in this custom-built AD Security lab VM.
This AD Security Lab VM was custom built to illustrate and demonstrate the scenarios mentioned above and should be very helpful for anyone who may have a desire to gain advanced Active Directory Security and Privileged Access skills.
Best wishes,
Sanjay.
PS: July 22, 2020 Update - A detailed overview of the contents of this domain can be found here.
PS2: March 08, 2021 Update - A new version of the VM has now been made available. The download link above and the file size and MD5 hash details above are for the new version. For reference, the file size of the original (2020) version was 7,747,920,663 bytes (7.21 GB) and its MD5 hash was 80be4b771485303f069a63f8eb7b4c9e.