Active Directory Lab

April 11, 2020

Current Structure

- Domain Controller
  - Windows 2019 Datacenter 1809
- Windows Workstation
  - Invoke-AtomicRedTeam
  - Windows 10 Enterprise 1909
- Splunk
  - Single server: Indexer, Search Head, Deployment Server
  - CentOS 7
- XSOAR (Demisto)
  - Alerts created from TA_Saved_Searches and fed from Splunk
  - CentOS 7
- Kali
  - Management and Attacking machine
- Velocidex Velociraptor Server
  - Awesome open-source project for ‘endpoint monitoring, digital forensic investigations and cyber incident response.’
  - Ubuntu 18.04
- SANS Slingshot C2 Matrix Edition
  - Using VECTR, another awesome open-source project, for detection validation tracking
  - Testing Sliver C2

Windows Machine Configurations

- Splunk Universal Forwarder installed
- GPO for logging configured using guidance from the Australian Signals Directorate