<!DOCTYPE html>
<html>
<head>
<title>Defensive Origins Lab Environment</title>
</head>
<body>
<p><img src="images/APT1.jpg" alt="" /></p>
<h1 id="defensive-origins-lab-environment">Defensive Origins Lab Environment</h1>
<p>The Defensive Origins Lab (DO-LAB) Environment is used during the Defensive Origins training classes by Defensive Origins, AntiSyphon Training, and Black Hills Information Security.</p>
<!-- Start Document Outline -->
<ul>
<li><a href="#deploy-lab-environment">Deploy Lab Environment</a>
<ul>
<li><a href="#azure-cloud-locationsregions">Azure Cloud Locations/Regions</a></li>
<li><a href="#training-course-pre-requisites">Training Course Pre-Requisites</a></li>
</ul>
</li>
<li><a href="#lab-environment">Lab Environment</a></li>
<li><a href="#upcoming-classes">Upcoming Classes</a></li>
<li><a href="#acknowledgments">Acknowledgments</a></li>
<li><a href="#license">License</a></li>
</ul>
<!-- End Document Outline -->
<h1 id="deploy-lab-environment">Deploy Lab Environment</h1>
<p>Click the button below to start the deployment of the Defensive Origins Lab Environment within your Azure account.</p>
<p><a href="https://portal.azure.com/#create/Microsoft.Template/uri/%68%74%74%70%73%3A%2F%2F%72%61%77%2E%67%69%74%68%75%62%75%73%65%72%63%6F%6E%74%65%6E%74%2E%63%6F%6D%2F%44%65%66%65%6E%73%69%76%65%4F%72%69%67%69%6E%73%2F%44%4F%2D%4C%41%42%2F%6D%61%69%6E%2F%44%65%70%6C%6F%79%2D%4C%41%42%2F%61%7A%75%72%65%2D%64%65%70%6C%6F%79%2E%6A%73%6F%6E/createUIDefinitionUri/%68%74%74%70%73%3A%2F%2F%72%61%77%2E%67%69%74%68%75%62%75%73%65%72%63%6F%6E%74%65%6E%74%2E%63%6F%6D%2F%44%65%66%65%6E%73%69%76%65%4F%72%69%67%69%6E%73%2F%44%4F%2D%4C%41%42%2F%6D%61%69%6E%2F%44%65%70%6C%6F%79%2D%4C%41%42%2F%75%69%64%65%66%69%6E%69%74%69%6F%6E%2E%6A%73%6F%6E"><img src="https://aka.ms/deploytoazurebutton" alt="Deploy DO-LAB Azure" /></a></p>
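<p>Before clicking any "Deploy to Azure" button it is worth confirming which template the percent-encoded portal link actually hands to Azure Resource Manager. The following Python snippet is an added example for this page, not part of the DO-LAB project: it decodes the two URIs embedded in the button link above and checks that both point at the expected GitHub owner, repository and branch. The expected values and the <code>is_pinned_to_commit</code> helper are the example's own assumptions.</p>

```python
import re
from urllib.parse import unquote, urlsplit

# The "Deploy to Azure" button link from this README (copied verbatim).
PORTAL_URL = (
    "https://portal.azure.com/#create/Microsoft.Template/uri/"
    "%68%74%74%70%73%3A%2F%2F%72%61%77%2E%67%69%74%68%75%62%75%73%65%72%63%6F%6E%74%65%6E%74%2E%63%6F%6D"
    "%2F%44%65%66%65%6E%73%69%76%65%4F%72%69%67%69%6E%73%2F%44%4F%2D%4C%41%42%2F%6D%61%69%6E"
    "%2F%44%65%70%6C%6F%79%2D%4C%41%42%2F%61%7A%75%72%65%2D%64%65%70%6C%6F%79%2E%6A%73%6F%6E"
    "/createUIDefinitionUri/"
    "%68%74%74%70%73%3A%2F%2F%72%61%77%2E%67%69%74%68%75%62%75%73%65%72%63%6F%6E%74%65%6E%74%2E%63%6F%6D"
    "%2F%44%65%66%65%6E%73%69%76%65%4F%72%69%67%69%6E%73%2F%44%4F%2D%4C%41%42%2F%6D%61%69%6E"
    "%2F%44%65%70%6C%6F%79%2D%4C%41%42%2F%75%69%64%65%66%69%6E%69%74%69%6F%6E%2E%6A%73%6F%6E"
)

# Expected origin of both files (example assumption: the owner, repo and
# branch named on this page; change these if you deploy from a fork).
EXPECTED_HOST = "raw.githubusercontent.com"
EXPECTED_OWNER = "DefensiveOrigins"
EXPECTED_REPO = "DO-LAB"
EXPECTED_REF = "main"


def parse_deploy_button(url):
    """Return the decoded template and UI-definition URIs carried in the
    fragment of a portal.azure.com Microsoft.Template create link."""
    parts = urlsplit(url).fragment.split("/")
    found = {}
    for key, name in (("uri", "template"), ("createUIDefinitionUri", "ui_definition")):
        if key in parts and parts.index(key) + 1 < len(parts):
            # Each URI is percent-encoded as one path segment (every "/" is
            # %2F), so the segment right after the key is the whole value.
            found[name] = unquote(parts[parts.index(key) + 1])
    return found


def is_from_expected_repo(uri, host=EXPECTED_HOST, owner=EXPECTED_OWNER,
                          repo=EXPECTED_REPO, ref=EXPECTED_REF):
    """True only for an https link on the expected host whose path starts
    with owner/repo/ref; other hosts, other repos and plain http fail."""
    s = urlsplit(uri)
    if s.scheme != "https" or s.netloc != host:
        return False
    segments = s.path.strip("/").split("/")
    return segments[:3] == [owner, repo, ref]


def is_pinned_to_commit(uri):
    """True when the ref segment is a full 40-hex commit SHA rather than a
    branch name, meaning the template content cannot change after review."""
    segments = urlsplit(uri).path.strip("/").split("/")
    return len(segments) > 2 and re.fullmatch(r"[0-9a-f]{40}", segments[2]) is not None


def check_button(url=PORTAL_URL):
    """Decode both URIs and report origin and pinning checks for each."""
    report = {}
    for name, uri in parse_deploy_button(url).items():
        report[name] = {
            "uri": uri,
            "expected_origin": is_from_expected_repo(uri),
            "pinned_to_commit": is_pinned_to_commit(uri),
        }
    return report


if __name__ == "__main__":
    for name, info in check_button().items():
        print(f"{name}: {info['uri']}")
        print(f"  expected origin: {info['expected_origin']}, "
              f"pinned to commit: {info['pinned_to_commit']}")
```

<p>For the link on this page the report shows both files coming from DefensiveOrigins/DO-LAB, but <code>pinned_to_commit</code> is false because the URIs reference the <code>main</code> branch: whatever is on that branch at the moment you click is what gets deployed, so a template you reviewed earlier may differ from the one ARM receives. If that matters for your environment, deploy from your own fork with the ref replaced by a commit SHA.</p>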
<h2 id="azure-cloud-locationsregions">Azure Cloud Locations/Regions</h2>
<p>While the deployment within Azure should be region agnostic, some deployed resources may not be available in all regions.
The following locations have specifically been tested:</p>
<ul>
<li>US East (any)</li>
<li>US West (any)</li>
<li>US Central (any)</li>
</ul>
<h2 id="training-course-pre-requisites">Training Course Pre-Requisites</h2>
<p>Are you attending a Defensive Origins training course that uses the Defensive Origins Azure Lab Environment? See the links below for additional information on the DOAZLab pre-requisites for each course.</p>
<p>Assumed Compromise - Methodology With Detections and Microsoft Sentinel:</p>
<ul>
<li><a href="https://github.com/DefensiveOrigins/AC-PreReqs">https://github.com/DefensiveOrigins/AC-PreReqs</a></li>
</ul>
<p>Attack Detect Defend:</p>
<ul>
<li><a href="https://github.com/DefensiveOrigins/ADD-PreReqs">https://github.com/DefensiveOrigins/ADD-PreReqs</a></li>
</ul>
<p>Applied Purple Teaming:</p>
<ul>
<li><a href="https://github.com/DefensiveOrigins/APT-PreReqs">https://github.com/DefensiveOrigins/APT-PreReqs</a></li>
</ul>
<h2 id="lab-environment">Lab Environment</h2>
<ul>
<li>Windows Server 2022 w/ Active Directory.
<ul>
<li>Domain: doazlab.com</li>
</ul>
</li>
<li>Windows Workstation</li>
<li>Ubuntu 22.04 LTS</li>
<li>Sysmon Installation on Server and Workstation</li>
<li>Microsoft Sentinel &amp; Log Analytics</li>
</ul>
<table>
<thead>
<tr>
<th><img src="images/labenv.png" alt="Labenv" /></th>
</tr>
</thead>
</table>
<h1 id="acknowledgments">Acknowledgments</h1>
<ul>
<li>Open Threat Research Forge: <a href="https://github.com/DefensiveOrigins/DO-LAB">https://github.com/DefensiveOrigins/DO-LAB</a></li>
<li>Microsoft Sentinel2Go: <a href="https://github.com/OTRF/Microsoft-Sentinel2Go">https://github.com/OTRF/Microsoft-Sentinel2Go</a></li>
<li>OTRF Blacksmith Components: <a href="https://github.com/OTRF/Blacksmith">https://github.com/OTRF/Blacksmith</a></li>
<li>Roberto Rodriguez (@Cyb3rWard0g)</li>
<li>Sysmon Modular: <a href="https://github.com/olafhartong/sysmon-modular/wiki">https://github.com/olafhartong/sysmon-modular/wiki</a></li>
</ul>
<h1 id="license">License</h1>
<ul>
<li>GPLv3</li>
</ul>
</body>
</html>