ADCS Lab setup part 1: devices

As I mentioned in my previous post, I ran across limitations in setting up my lab on one device. Rather than going out and purchasing a capable server, I decided to distribute the Virtual Machines across the devices I currently have access to, and in the process experiment with a few virtualization platforms. Here are the devices I am using:

  1. My daily driver laptop: Lenovo Legion 5i, with 32 GB of DDR4 RAM and 1 TB storage.
  2. An older desktop I had lying around: HP Envy with 32 GB of DDR4 RAM, 2 TB storage.
  3. Intel NUC with 32 GB DDR4 RAM and 1 TB storage.

With these devices I will be creating the labs detailed previously, each in a virtualized network including pfSense routers/firewalls to allow the different labs to connect to each other, including the Wazuh SIEM. By doing this I can have the labs exist concurrently, and provide a private IP range for each lab without having each lab get IP addresses from my physical router. This adds a degree of complexity as routing and firewall rules will need to be configured, but will simulate a more realistic scenario. In this configuration, the “internet” will be my home network with an IP address range of 192.168.50.0/24. Here is how I decided to break up the lab between devices, and the virtualization platforms on each with my reasoning.

  1. HP ENVY desktop: This will contain the GOAD lab, behind one pfSense firewall. As I mentioned, this desktop is an older spare I had lying around, so to optimize it for usage in this project I upgraded the RAM from 16 GB to 32 GB (the maximum suggested by the motherboard manufacturer) and added a second SSD to contain the VM images. Also, I decided to start with a fresh install of Debian 12 as the host operating system. On this device I will be using VirtualBox as the virtualization technology as it is free, doesn’t require a sign-up of any kind, and the GOAD installation with VirtualBox seemed the most straightforward.
  2. Intel NUC: This will initially contain the simple enterprise ADCS configuration. I already had this device running the Proxmox virtualization platform, which is installed as the operating system to enable a Type 1 hypervisor. This lab will include two pfSense devices to simulate a Demilitarized Zone (DMZ) to offer services to the “internet”, with the ADCS components residing behind the second firewall as a private network. I chose this configuration so I could experiment with using ADCS certificates across non-domain-joined components, such as the web server in the DMZ. Also, I already had two Linux virtual machines installed in Proxmox, which I will migrate to the ADCS lab to experiment with joining Linux servers to an AD domain and using ADCS certificates with them.
  3. Lenovo laptop: This will include the “distributed” version of the lab as well as the Wazuh SIEM platform, behind a single pfSense router/firewall. For this portion I chose to use the VMware Workstation Pro virtualization platform. This was previously installed on the laptop and I already had a paid license, although Broadcom recently made Workstation Pro a free product.

Takeaways

Setting up the labs in this way added a great deal of complexity but also gives me the opportunity to experiment with a variety of virtualization products and with configuring pfSense to allow communication between various private networks. Rather than opening and forwarding ports on each router, I chose to create Site-to-Site Virtual Private Network connections between the lab environments, to simulate a larger enterprise strewn across physical locations. This will also allow me to add an “attack box” for the security portions of my lab which can reach any machine in any of the labs. This also came in handy for connecting the Wazuh SIEM without having to port forward, with the exception being the Proxmox lab as it contains a DMZ. Join me as I run through the steps of setting up these labs on these devices in upcoming posts!
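
The site-to-site tunnels described above only route cleanly if every lab range is distinct from the others and from the 192.168.50.0/24 home network that acts as the “internet”. The check below is an added example, not part of the original post; the site names and lab subnets are constructed placeholders, since the post does not list them.

```python
import ipaddress
from itertools import combinations

# Home network that plays the "internet" in this lab (range taken from the post).
WAN = ipaddress.ip_network("192.168.50.0/24")

# Constructed address plan: site names and subnets are assumptions for
# illustration only; substitute the ranges configured on each firewall.
PLAN = {
    "goad-virtualbox": ["10.10.10.0/24"],
    "adcs-proxmox": ["10.20.0.0/24", "10.20.1.0/24"],  # DMZ + private network
    "distributed-vmware": ["10.30.0.0/24"],
}


def parse_plan(plan):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return {
        site: [ipaddress.ip_network(cidr, strict=True) for cidr in cidrs]
        for site, cidrs in plan.items()
    }


def find_conflicts(plan, wan=WAN):
    """Return (owner_a, net_a, owner_b, net_b) for every overlapping pair,
    including overlaps with the WAN range."""
    nets = [("wan", wan)]
    for site, site_nets in parse_plan(plan).items():
        nets.extend((site, net) for net in site_nets)
    return [
        (a, str(na), b, str(nb))
        for (a, na), (b, nb) in combinations(nets, 2)
        if na.overlaps(nb)
    ]


def remote_networks(plan, site):
    """Ranges a site must reach through its tunnels: every other site's nets."""
    parsed = parse_plan(plan)
    return sorted(
        str(net) for other, nets in parsed.items() if other != site for net in nets
    )


if __name__ == "__main__":
    for conflict in find_conflicts(PLAN):
        print("overlap:", conflict)
    for site in PLAN:
        print(site, "-> remote networks:", remote_networks(PLAN, site))
```

An empty conflict list means each tunnel can carry the other sites' ranges without ambiguity; the per-site remote network list is also the set of ranges the firewall rules on that site need to account for.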