In the last two articles we gave a high-level overview; in this one I will start by describing each component of our project:
Domain, Network, Splunk Server, Active Directory, Attacker
Domain:
Our domain provides a logical boundary for organizing and managing resources within the network. It centralizes user account management, provides authentication and authorization services, and facilitates resource sharing and management.
Network:
Routing and switching: directing data packets between devices on the network so they can communicate properly.
Connectivity: establishing connections between servers, client machines and other network devices.
Security: implementing firewalls, intrusion detection systems and encryption to protect against unauthorized access and data breaches.
Bandwidth management: optimizing network performance and bandwidth utilization so data transfers efficiently.
Splunk Server:
Log collection: gathering log files and event data from domain controllers, servers and client machines.
Indexing: organizing the log data so it can be searched quickly and efficiently.
Search and analysis: letting administrators search, correlate and analyze log data to identify security incidents, troubleshoot issues and gain insight into system performance.
Reporting: generating reports and visualizations to present the findings and trends derived from the log data.
Active Directory:
User authentication: verifying the identity of users and computers attempting to access network resources.
User authorization: determining which resources users are allowed to access based on their permissions and group memberships.
Group Policy management: enforcing centralized security policies, configurations and settings across the network.
Directory services: storing and organizing information about network resources, including users, computers, groups and policies.
Replication: synchronizing directory data between domain controllers to ensure consistency and fault tolerance.
Attacker:
The attacker machine plays the adversary role in the lab:
Exploiting vulnerabilities: identifying and exploring security weaknesses in network services, applications or configurations.
Gaining unauthorized access: attempting to reach sensitive data, user accounts or network resources without authorization.
Conducting reconnaissance: gathering information about the network, such as open ports, services and user accounts, to plan and execute attacks.
Launching attacks: including malware infections, phishing campaigns, brute-force attacks, privilege escalation and denial-of-service attacks.
Evading detection: employing techniques to avoid detection by security measures such as firewalls, intrusion detection systems or antivirus software.
Hypervisor - VMware
Virtual Machines && Configurations
Use the hypervisor of your choice: VirtualBox or VMware. I'll be using VMware.
Download your ISOs: Windows 10, Kali Linux, Windows Server 2022, Ubuntu 22.04
Windows 10 Configuration Specs
Download the ISO
Memory (RAM): 4 GB (4096 MB)
Processors: 1 (1 CPU)
Virtual hard disk: 50 GB
Select Windows 10 Pro (Windows 10 Professional)
Kali Linux
Download the ISO or a pre-built Kali Linux VM.
The pre-built VM comes as a 7-Zip archive, so on Windows get the 7-Zip application to extract it; on a Mac you just double-click it to extract.
If you have the pre-built VM, double-click the extracted file and it will open in VMware automatically.
Windows Server 2022
Download the ISO (64-bit edition)
Name: VM AD-DC
Memory (RAM): 4 GB (4096 MB)
Processors: 1 (1 CPU)
Virtual hard disk: 50 GB
Select Standard Evaluation (Desktop Experience)
Once it has loaded, to unlock the screen in VMware go to the top of the screen, select Virtual Machine and choose Ctrl + Alt + Delete.
Ubuntu Server 22.04
Download the ISO
Name: Splunk
Memory (RAM): 8 GB (8192 MB)
Processors: 2 (2 CPU)
Virtual hard disk: 100 GB
Your name:
Server's name:
Username:
Password:
Install OpenSSH Server during setup.
Once the install has finished, run the commands:
sudo apt-get update && sudo apt-get upgrade
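As an added example (not code from the original post), here is a small POSIX shell script for the Ubuntu Splunk host. It checks that the VM was actually sized to the spec listed above (8 GB RAM, 2 CPUs, 100 GB disk), confirms that the openssh-server package is present, and, when invoked with "apply", runs the two update commands above unattended. The script name, the "apply"/"report" arguments and the fall-back-to-zero behaviour when a command is unavailable are my assumptions; it expects a Debian/Ubuntu host with dpkg and GNU df.

```shell
#!/bin/sh
# Hypothetical post-install check for the Ubuntu 22.04 "Splunk" VM (added example,
# not part of the original post). Verifies the VM sizing against the article's spec
# and that OpenSSH Server is installed; with "apply" also runs the update commands.
#   sh splunk-host-check.sh            # report only (default)
#   sudo sh splunk-host-check.sh apply # report, then update packages

SPEC_RAM_MB=8192   # 8 GB, as specified for the Splunk VM
SPEC_CPUS=2
SPEC_DISK_GB=100

# meets_spec RAM_MB CPUS DISK_GB: exit 0 only when every value is at least the
# spec. Kept a pure function so it can be exercised with constructed numbers.
meets_spec() {
    [ "${1:-0}" -ge "$SPEC_RAM_MB" ] || return 1
    [ "${2:-0}" -ge "$SPEC_CPUS" ] || return 1
    [ "${3:-0}" -ge "$SPEC_DISK_GB" ] || return 1
    return 0
}

# Live host values (Linux). Each falls back to 0 instead of aborting, so the
# report still completes on a host where one of the commands is missing.
host_ram_mb()  { awk '/^MemTotal:/ {print int($2/1024)}' /proc/meminfo 2>/dev/null || echo 0; }
host_cpus()    { nproc 2>/dev/null || echo 0; }
host_disk_gb() {
    # GNU df: size of / in whole GB, header line dropped, unit suffix stripped
    v=$(df -BG --output=size / 2>/dev/null | tail -n 1 | tr -dc '0-9')
    echo "${v:-0}"
}

# sshd_installed: exit 0 if the openssh-server package is installed (dpkg systems).
sshd_installed() { dpkg -s openssh-server >/dev/null 2>&1; }

report() {
    ram=$(host_ram_mb); cpus=$(host_cpus); disk=$(host_disk_gb)
    printf 'RAM: %s MB  CPUs: %s  root disk: %s GB\n' "$ram" "$cpus" "$disk"
    if meets_spec "$ram" "$cpus" "$disk"; then
        echo "sizing: OK (>= ${SPEC_RAM_MB} MB / ${SPEC_CPUS} CPU / ${SPEC_DISK_GB} GB)"
    else
        echo "sizing: below spec, resize the VM before installing Splunk" >&2
    fi
    if sshd_installed; then
        echo "openssh-server: installed"
    else
        echo "openssh-server: missing (select it in the installer or run with apply)" >&2
    fi
}

# The two commands from the post, with -y so they run unattended, plus
# openssh-server in case it was not selected during installation.
apply_updates() {
    apt-get update && apt-get upgrade -y && apt-get install -y openssh-server
}

if [ "${1:-}" = "apply" ]; then
    report
    apply_updates
elif [ "${1:-report}" = "report" ]; then
    report
fi
```

Run the report once right after the first login; if the sizing line comes back below spec, fix the VM settings in the hypervisor before installing Splunk, since an under-provisioned indexer is the most common reason a lab search head feels sluggish later.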
Next to come: The Main Attraction