Preparing the OS to run the Red Team home lab
Windows
We are going to use Windows 10 Pro or Windows Server with Hyper-V to create the Red Team home lab.
Here we detail the process step by step; if you only want the commands, go to the Summary section at the end.
1 Installing RSAT tools
If we are using Windows 10 Pro, we first install the RSAT tools.
We can list them by opening PowerShell as an administrator and typing:
Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, State
To install all the available RSAT tools at once, we run:
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
2 Enable Hyper-V
We can enable Hyper-V by opening PowerShell as an administrator and typing:
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
Then reboot.
3 Enable WSL
The host machine will serve as the attacker machine: it will host the C2, and we will also leverage the Windows Subsystem for Linux (WSL) to run Kali.
You must first enable the WSL feature.
Open PowerShell as Administrator and run:
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
4 Enable Virtual Machine feature
Before installing WSL 2, you must enable the Virtual Machine Platform optional feature.
Open PowerShell as Administrator and run:
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
Restart your machine to complete the WSL install before updating to WSL 2.
5 Download the Linux kernel update package
Download the latest kernel update package by opening PowerShell as Administrator and running:
curl.exe https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi --output C:\Windows\Temp\wsl_update_x64.msi
Then run the installer:
C:\Windows\Temp\wsl_update_x64.msi
6 Set WSL 2 as the default
Open PowerShell as Administrator and run:
wsl --set-default-version 2
7 Download Kali
Open PowerShell as Administrator and run:
curl.exe -L https://aka.ms/wsl-kali-linux-new --output C:\Windows\Temp\wsl-kali-linux-new.appx
8 Install Kali
Open PowerShell as Administrator and run:
Add-AppxPackage C:\Windows\Temp\wsl-kali-linux-new.appx
Then launch it once (the kali command, as shown in the Summary) to complete the first-time setup and create the default user.
9 Install git
Download the latest release of Git for Windows and install it.
AutomatedLab
For building and running the lab we are going to use AutomatedLab.
AutomatedLab (AL) lets you set up test and lab environments on Hyper-V or Azure, with multiple products or just a single VM, in a very short time. It has only two requirements: the DVD ISO images of the products you want to deploy, and a Hyper-V host or an Azure subscription.
1 Download and install the latest release
We download AutomatedLab.msi from the latest release on GitHub and install it.
2 Set up AutomatedLab
Open PowerShell as Administrator and run:
powershell -ep bypass
Import-Module AutomatedLab
Install-Module -Name Pester -Force -SkipPublisherCheck
Docker
To run ELK as an air-gapped solution we need to host our own Elastic Package Registry, and for that we need Docker.
We download the latest stable release of Docker Desktop and install it.
Create a file at C:\startDocker.ps1 with the following content:
# Start the Docker service, give it a moment, then launch Docker Desktop
Start-Service -Name com.docker.service
Start-Sleep -Seconds 10
Start-Process 'C:\Program Files\Docker\Docker\Docker Desktop.exe'
Run the following in an elevated PowerShell:
powershell -ep bypass
# Register a task that runs startDocker.ps1 at boot as the current user, elevated
$trigger = New-ScheduledTaskTrigger -AtStartup
$action = New-ScheduledTaskAction -Execute "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument "-ep bypass -File C:\startDocker.ps1"
$settings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "Start Docker on Start up" -Settings $settings -User $env:UserName -RunLevel Highest
# Add the user to the docker-users group
# This is needed so that this user has access to the Docker service
try {
    Add-LocalGroupMember -Group docker-users -Member $env:UserName -ErrorAction Stop
} catch [Microsoft.PowerShell.Commands.MemberExistsException] {
    # Already a member; nothing to do
}
# Run Docker right now
C:\startDocker.ps1
Summary
Open PowerShell as Administrator and run:
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
Reboot
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
Reboot
curl.exe https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi --output C:\Windows\Temp\wsl_update_x64.msi
C:\Windows\Temp\wsl_update_x64.msi
wsl --set-default-version 2
curl.exe -L https://aka.ms/wsl-kali-linux-new --output C:\Windows\Temp\wsl-kali-linux-new.appx
Add-AppxPackage C:\Windows\Temp\wsl-kali-linux-new.appx
kali
We download and install the latest Git for Windows release.
We download and install AutomatedLab.msi from the latest release on GitHub, then run:
powershell -ep bypass
Import-Module AutomatedLab
Install-Module -Name Pester -Force -SkipPublisherCheck
We download and install the latest stable release of Docker Desktop.
Create a file at C:\startDocker.ps1 with the following content:
Start-Service -Name com.docker.service
Start-Sleep -Seconds 10
Start-Process 'C:\Program Files\Docker\Docker\Docker Desktop.exe'
Run the following in an elevated PowerShell:
powershell -ep bypass
$trigger = New-ScheduledTaskTrigger -AtStartup
$action = New-ScheduledTaskAction -Execute "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument "-ep bypass -File C:\startDocker.ps1"
$settings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "Start Docker on Start up" -Settings $settings -User $env:UserName -RunLevel Highest
# Add the user to the docker-users group
# This is needed so that this user has access to the Docker service
try {
    Add-LocalGroupMember -Group docker-users -Member $env:UserName -ErrorAction Stop
} catch [Microsoft.PowerShell.Commands.MemberExistsException] {
    # Already a member; nothing to do
}
# Run Docker right now
C:\startDocker.ps1
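As an added check (an example script written for this page, not part of the original guide), the following hypothetical preflight script run from an elevated PowerShell confirms that each step of the Summary actually took effect, and that C:\startDocker.ps1, which the scheduled task runs with highest privileges at boot, is not writable by standard users:

```powershell
# Hypothetical preflight check for the lab host (added example, not from the guide).
# Run in an elevated PowerShell once the Summary steps are done; prints one row per check.
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Ok, [string]$Detail = '') {
    $results.Add([pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = $Detail })
}

# 1. RSAT: every RSAT capability should report State = Installed
$missing = Get-WindowsCapability -Name 'RSAT*' -Online | Where-Object State -ne 'Installed'
Add-Check 'RSAT tools' ($missing.Count -eq 0) (($missing.Name) -join ', ')

# 2-4. Optional features: Hyper-V, WSL and Virtual Machine Platform must be Enabled
foreach ($f in 'Microsoft-Hyper-V', 'Microsoft-Windows-Subsystem-Linux', 'VirtualMachinePlatform') {
    $state = (Get-WindowsOptionalFeature -Online -FeatureName $f).State
    Add-Check "Feature $f" ($state -eq 'Enabled') "$state"
}

# 6-8. WSL default version 2 and the Kali distribution registered
# wsl.exe writes UTF-16, so captured output contains stray NUL characters; strip them
$wslStatus = ((wsl --status) -join ' ') -replace "`0", ''
Add-Check 'WSL default version 2' ($wslStatus -match 'Default Version:\s*2') $wslStatus
$distros = (wsl --list --quiet) -replace "`0", ''
Add-Check 'Kali distro registered' ([bool]($distros -match 'kali')) ($distros -join ', ')

# 9. git on PATH
Add-Check 'git installed' ([bool](Get-Command git -ErrorAction SilentlyContinue))

# AutomatedLab and Pester modules available
foreach ($m in 'AutomatedLab', 'Pester') {
    Add-Check "Module $m" ([bool](Get-Module -ListAvailable -Name $m))
}

# Docker: service present, current user in docker-users, startup task registered
$svc = Get-Service -Name com.docker.service -ErrorAction SilentlyContinue
Add-Check 'Docker service' ($null -ne $svc) "$($svc.Status)"
$member = Get-LocalGroupMember -Group docker-users -ErrorAction SilentlyContinue |
    Where-Object Name -like "*\$env:UserName"
Add-Check 'docker-users membership' ($null -ne $member)
$task = Get-ScheduledTask -TaskName 'Start Docker on Start up' -ErrorAction SilentlyContinue
Add-Check 'Docker startup task' ($null -ne $task) "$($task.State)"

# The task runs startDocker.ps1 elevated, so no standard-user principal may be allowed to write it
$acl = Get-Acl -Path 'C:\startDocker.ps1' -ErrorAction SilentlyContinue
$weak = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference -match 'Users|Everyone|Authenticated Users' -and
    $_.FileSystemRights -match 'Write|Modify|FullControl'
}
Add-Check 'startDocker.ps1 not writable by standard users' ($null -eq $weak) (($weak.IdentityReference) -join ', ')

$results | Format-Table -AutoSize
```

Any row with Ok = False points at the Summary step to repeat; a False on the last row means the file ACL should be tightened before relying on the startup task.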