1. Introductionn
You may have learned many things about Linux and Open Source Tools, but most enterprise networks are based on Micrsoft Windows and Active Directory.
The Windows Response Lab is based on a fully deployed Active Directory with several computers and servers joined into the domain. Before using the Windows Response Lab, you must deploy it in Azure. Thus, please start and deploy the infrastructure using the Deployment Manager.
2. Architecture
The picture below highlights the Windows Response Lab, sometimes called Windows Attack Lab. Two hosts, a Windows 10 RDP computer and a Forensic Investigation machine, are accessible from the internet. You must always jump to one of theses hosts to connect other computers in the lab. It is recommended to use the Windows 10 RDP host at first.
- RDP connection to Client1.winattacklab.local
- RDP connection to Forensicclient
3. Deployment
The Deployment Manageris the tool you must use to deploy the lab in the Azure cloud. In other words, you are going to deploy the labon your own.
The lab took about 1 hour to get fully deployed. After it is finished you’ll see this message:
terraform is fully deployed
Now you can start by connecting to the pubilc IP Addresses 🙂