Active Directory Home Lab
Overview
A fully self-hosted Active Directory lab environment designed to replicate enterprise network configurations found in real-world engagements. The lab runs on a Proxmox hypervisor and is provisioned entirely through infrastructure-as-code.
Architecture
The environment consists of a multi-forest Active Directory setup with two forests and a total of three domains, connected via trust relationships. The infrastructure includes domain controllers, file servers, web servers, workstations, and a SIEM stack for detection engineering.
Key components:
- Primary Forest with a parent domain and child domain, including Exchange and ADCS
- Secondary Forest with a bidirectional trust to the primary forest
- Workstation Tier with multiple Windows 10/11 machines joined to each domain
- Attack Infrastructure with a dedicated Kali machine and C2 server on an isolated subnet
Provisioning
The lab is defined entirely as code: Terraform creates the VMs and Ansible handles configuration management. Spinning up the full environment from scratch takes roughly 45 minutes, making it easy to reset between testing sessions.
What I Practice
- Kerberoasting, AS-REP roasting, and delegation attacks
- ADCS abuse (ESC1-ESC8)
- Trust relationship exploitation across forests
- Lateral movement techniques (Pass-the-Hash, overpass-the-hash, DCOM, WMI)
- Detection rule development and SIEM alert tuning
- Purple team exercises pairing attack execution with log analysis