This homelab was created following Day CyberWox’s blueprint and documentation, available on his website. It’s been changed slightly to use more recent software versions and technologies.
The lab was created using VMware Workstation Pro 17. VMware offers a 30-day free trial, which is what I used.
In this lab:
- pfSense is configured to act as the firewall, router, and DHCP server
- Splunk is being used as a primary SIEM, and Security Onion has been configured to act as an IDS and secondary SIEM
- The victim network consists of a Windows Server domain controller with a Windows 10 machine joined to its Active Directory domain
- A Kali machine is being used as the attack box
Samples:
Connectivity between the Windows 10 user (Eileen) and the Domain Controller:
Windows 10 computer in the Active Directory Administrative Center:
Login activity logs on Splunk:
Nmap scan from the Kali attack box:
pfSense dashboard and sample firewall rule:
Some Security Onion pages/tools: