After reading a number of blogs from other security folks about red teaming, I kept wondering how the whole setup is actually done from the infrastructure side of things.

Building on my experience of creating a home lab with multiple hypervisors and networks, I decided to build my own red team infrastructure inside that lab. The lab covers the following:

  1. Networking
  2. Multiple VMs
  3. Multiple DMZs
  4. Isolation between segments
  5. Network traffic control
  6. The victim network
  7. Attacking infrastructure, which contains
    1. Single/multiple redirectors
    2. The attack box
      1. Windows machine
      2. Linux [Kali]
  8. Assumed public cloud infrastructure
    1. This is where the redirectors live
  9. A pfSense firewall to enforce all of the above

I’ve divided the infra into 3 parts, as follows.

  1. Victim-Network
  2. Assumed Public-Cloud
  3. Attacking-Network

In the previous home lab blog I showed the configuration of the HP ProLiant enterprise-grade server. That server has more than enough capacity to run all the virtual machines I wanted for this infra.

Interested in how the setup looks? Check it out.

Below are the requirements I strictly wanted to enforce in the lab. They also define the constraints for any further or future upgrades I want to make.

  1. The attacker network must not talk directly to the victim network.
  2. The victim network must not talk directly to the attacker network.
  3. The victim and attacker networks may only communicate with the public cloud network.
  4. The only bridge between the two networks is therefore the public cloud network.
  5. To mirror a real target, the victim network only allows egress traffic to the public cloud on port 443 (HTTPS), so C2 traffic has to blend in with normal web traffic.
  6. To keep the attacking infra safe, the attacking network only communicates with the public cloud on port 22 (SSH), tunnelling its traffic through the redirectors. Nothing from the cloud is allowed to initiate a connection back into either network.

I’ve created a small network diagram to show how the idea works.

[Network diagram: RTIL.drawio.html]


The networking can be as simple as the diagram above, or as complex as you like, depending on how you want to build out the environment. The addressing I used is:

  1. Attacker Network -> 172.16.10.0/24
  2. Public Cloud Services -> 172.16.50.0/24
  3. Complete Victim Network -> 172.16.100.0/24, 172.16.110.0/24, 172.16.120.0/24

The reason for using multiple victim networks is to have several environments in the lab with a consistent layout, so that new labs can be deployed without re-planning the addressing or the firewall rules. In my case I have a couple of labs in the victim network.

  1. GOAD [The Game Of Active Directory]
  2. SCCM / MECM LAB

Both labs are built by Orange Cyberdefense. So, from the structure above, my victim network is as follows.

  1. GOAD -> 172.16.100.0/24
  2. SCCM -> 172.16.110.0/24
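To make the six requirements and the addressing plan concrete, here is a small policy model I have added as a worked example; it is not the author’s pfSense configuration. It assumes the five /24 subnets listed above, a handful of probe ports of my choosing, and pfSense’s normal behaviour of evaluating an interface’s rules top-down with first match winning and dropping anything no rule matches (the implicit default deny). Because pfSense is stateful, only the initiating direction needs a pass rule; the return traffic rides the state table. The audit function probes every pair of networks and flags any flow that the rules would allow but the requirements forbid, which is the check I would run before trusting a new VLAN or rule set.

```python
"""Segmentation policy model for the red team lab (constructed example, not the author's pfSense rules)."""
import ipaddress
import itertools
from dataclasses import dataclass
from typing import Optional

# Subnets from the post. The VLAN names are my labels, not the author's.
NETWORKS = {
    "ATTACKER": ipaddress.ip_network("172.16.10.0/24"),
    "CLOUD":    ipaddress.ip_network("172.16.50.0/24"),
    "GOAD":     ipaddress.ip_network("172.16.100.0/24"),
    "SCCM":     ipaddress.ip_network("172.16.110.0/24"),
    "VICTIM3":  ipaddress.ip_network("172.16.120.0/24"),   # spare victim range
}
VICTIM_NETS = ("GOAD", "SCCM", "VICTIM3")
PROBE_PORTS = (22, 80, 443, 445, 3389)   # assumed probe set, not exhaustive


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # network name from NETWORKS, or "any"
    dst: str
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches any destination port


# The whole rule set. Only two kinds of flow are ever allowed to cross the
# firewall; everything else falls through to the implicit default deny.
POLICY = [
    Rule("pass", "ATTACKER", "CLOUD", "tcp", 22),                    # req 6: SSH to redirectors
    *[Rule("pass", v, "CLOUD", "tcp", 443) for v in VICTIM_NETS],   # req 5: HTTPS egress only
]


def _matches(name: str, ip: ipaddress.IPv4Address) -> bool:
    return name == "any" or ip in NETWORKS[name]


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int, policy=POLICY) -> str:
    """First-match evaluation of a new connection; unmatched flows are blocked."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in policy:
        if (_matches(r.src, s) and _matches(r.dst, d)
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "block"


def expected_allowed(src: str, dst: str, proto: str, port: int) -> bool:
    """The intent in one place: attacker->cloud tcp/22 and victim->cloud tcp/443.
    Attacker<->victim (req 1, 2), victim<->victim (req 3) and anything the cloud
    initiates (req 4, 6) must all be denied."""
    if dst != "CLOUD" or proto != "tcp":
        return False
    if src == "ATTACKER":
        return port == 22
    return src in VICTIM_NETS and port == 443


def audit(policy=POLICY):
    """Probe every ordered pair of networks and return flows whose verdict
    disagrees with expected_allowed(), as (src, dst, proto, port) tuples.
    An empty list means the rule set meets the six requirements."""
    mismatches = []
    for src, dst in itertools.permutations(NETWORKS, 2):
        s_ip = str(next(NETWORKS[src].hosts()))   # .1 of each subnet as the probe host
        d_ip = str(next(NETWORKS[dst].hosts()))
        for proto in ("tcp", "udp"):
            for port in PROBE_PORTS:
                allowed = evaluate(s_ip, d_ip, proto, port, policy) == "pass"
                if allowed != expected_allowed(src, dst, proto, port):
                    mismatches.append((src, dst, proto, port))
    return mismatches


def overlapping_networks():
    """Overlapping subnets silently break VLAN isolation; there should be none."""
    return [(a, b) for a, b in itertools.combinations(NETWORKS, 2)
            if NETWORKS[a].overlaps(NETWORKS[b])]


if __name__ == "__main__":
    print("overlaps:", overlapping_networks())
    print("policy mismatches:", audit())
    # A common mistake: a broad "allow ATTACKER to any" rule added for convenience.
    sloppy = POLICY + [Rule("pass", "ATTACKER", "any")]
    print("mismatches with sloppy rule:", audit(sloppy)[:3], "...")
```

The real-world counterpart of `audit()` is running a port scan from a host in each VLAN towards the others after every rule change; the model just lets you catch an over-broad rule before you build the VMs. Note that it only reasons about traffic crossing the pfSense interfaces: hosts inside a single victim VLAN still reach each other directly, which is exactly what the GOAD lab needs.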

So now the question is: how do you set this up in pfSense?

The networking above is achieved by creating multiple VLANs on the pfSense firewall and adding firewall rules on each VLAN interface. I will cover that pfSense networking part of the story in a separate post; it is kept for another day.

Stay tuned for the upcoming blog!!