
Intro

Active Directory is relevant to cybersecurity as well as IT in general. In this project, I’ll be building my own Active Directory environment, which is important for understanding IT administration and how domains work. I’ll also have Splunk to monitor my Windows server or machine. I’ll be utilizing Kali Linux & Atomic Red Team to perform attacks and observe the generated telemetry.

To-Do

  • Build a logical diagram
  • Install VMs - Windows Server, Windows 10, Kali Linux, Ubuntu Server (for Splunk)
  • Install & configure Sysmon (for logging) & Splunk (SIEM)
  • Configure Active Directory & Promote AD to Domain Controller
  • Generate telemetry with Kali & Atomic Red Team

Logical diagram

[Image: ad-diagram]

What is Active Directory?

Active Directory is simply a database that contains objects like Users, Computers, Groups and many more. In order to use AD, a server must have a service running on it called Active Directory Domain Services, or AD DS. The server must then be promoted to a Domain Controller, AKA a DC. By promoting the server to a DC, we gain the capability to perform Authentication & Authorization (using Kerberos).

AD DS objects have attributes that contain information about the object. For example, an object Bob might have attributes like First Name, Last Name, etc.



© 2020-2025 Ucchas Muhury