I took absolutely no measure to secure this lab, and as such, it should not be connected to any real environment.
Do not reinvent the wheel
The set up I went with is based on those three projects : https://github.com/jckhmr/adlabhttps://github.com/alebov/AD-lab The reason I could not got with one of those projects as is, is because I wanted Vagrant to be installed with my setup; that’s to say a windows based host with vmware pro installed. My set up here :
Requirements
Workstation Pro on a Windows Host
A VM with Kali (or any other OS supported by Ansible) installed within Workstation Pro
I guess you can also manage that VM through Vagrant/Ansible, but I figured that since I use that VM outside of my lab activities it was not needed to do so
Install roles. For example, I wanted to test the new ADCS relay attack from ntlmx, and wanted to add the CA and CA web enrollment roles manually.
I could not install those through Ansible win_feature plugin. Actually, I think it is because after install, those roles need to be configured through the GUI ?
I figured it was not too bad since those roles are quite specific to the PetitPotam exploit
Still, if anyone manage to install/configure those roles through Ansible, by all means tell me how you did it
Configure bloodhound exploitable path to domain admin through Ansible