Active Directory Attack & Defense Lab
This is a stub, created up front so documentation happens alongside the build. Sections are filled in as the lab progresses. All work is performed on an isolated network on systems I own — nothing here is internet-facing, and no real credentials or PII are used.
Objective
[To fill in] Build a small Active Directory environment and practice a full attack path — enumeration → credential access → privilege escalation to Domain Admin — then note the defensive controls that would have caught each step.
Environment
[To fill in — add network diagram] Host-only / isolated network, segmented from the home LAN. Snapshots taken before each exercise.
- Domain Controller — Windows Server (AD DS, DNS)
- 1–2 Windows 10/11 domain-joined clients
- Kali Linux attacker
Approach & methodology
[To fill in] Recon → enumeration → exploitation → post-exploitation. Screenshots where helpful. Redact real flags/answers — teach the method, not the solution.
Key findings / what happened
[To fill in] Results with sanitized evidence.
Lessons learned
[To fill in] What I understand now that I didn't before.
Pitfalls in live environments
[To fill in] The 3 common pitfalls someone hits getting this working for real, and how to get through them efficiently.
Mapping to skills
[To fill in] AD attack paths, enumeration, privilege escalation, secure configuration — and the defensive/detection counterpart for each.