Why and what of the Project?
Developing an open-source integrated lab for security testing and hunting is not a new idea; it has been done before, and there are lots of blogs, books, and videos already made on this topic.
But although there are great projects out there that you can just download and start playing with, I wanted to build my setup from the ground up because I want to know the hooks and crooks of each component that I fit in. (Think of why PC enthusiasts build their rig from ground zero when they could just buy a pre-built one and start crusading.) I have taken inspiration from a lot of these open projects and also evaluated a lot of open-source tools to find what fits best and suits my style of working (isn't tailor-fitted better than a ready-made suit?). I've mentioned all the details in the next sections so we can determine why we chose what we chose.
A few things to clear up the scope:
Create a lab system that is locally available to me; hence I decided not to opt for a cloud-based lab. Also, hosting a lab on a cloud for security testing painted a bad picture, because if I violated any security rules on the cloud my lab would be in danger (AWS certainly wouldn't want me to host Mimikatz for testing).
A setup that could be used for malware detonation as well as adversary emulation, and that is the reason why I'm not integrating pre-built sandboxes: they reduce the flexibility to perform adversary emulation and pre-process data according to their own logic.
The learning curve that came with installing, setting up, optimizing, and integrating these tools was something that I didn't want to miss out on, so that is another reason why I custom-built this.
A poor man's Silver: I don't have a very beefy rig at my disposal, but I wanted a barebones setup that would help me perform a malicious operation, analyze it, and learn its behavior so that I could write my research and analytics on the behavior of the subject. Hence I used my current laptop (6C/12T processor / 32GB RAM) to host VMs that can only talk to each other; I'll look for ways to expand this setup in the future if the purpose arises. For now, I'm staying away from AD or complex lab setups.