Preparing the OS

Installing the requirements to run the Red Team home lab

Preparing the OS to run the Red Team home lab

Windows

We are going to use Windows 10 Pro or Windows Server, with Hyper-V, to build the Red Team home lab.

The steps are detailed one by one below; if you only want the commands, jump to the Summary at the end.

1 Installing RSAT tools

On Windows 10 Pro we first install the RSAT tools (on Windows Server they ship as a Windows feature and this step is not needed). We can list them by opening PowerShell as Administrator and running:

Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, State

To install all the available RSAT tools at once, we run:

Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online

2 Enable Hyper-V

We enable Hyper-V by opening PowerShell as Administrator and running:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

Then we reboot.

3 Enable WSL

The host will double as the attacker machine.

It will host the C2, and we will also leverage the Windows Subsystem for Linux to run Kali.

The WSL feature must be enabled first.

Open PowerShell as Administrator and run:

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

4 Enable Virtual Machine feature

Before installing WSL 2, you must enable the Virtual Machine Platform optional feature.

Open PowerShell as Administrator and run:

dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

Restart your machine to complete the WSL install and update to WSL 2.

5 Download the Linux kernel update package

Download the latest kernel update package by opening PowerShell as Administrator and running:

curl.exe https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi --output C:\Windows\Temp\wsl_update_x64.msi

Then we run the installer (PowerShell hands the .msi to msiexec through its file association):

C:\Windows\Temp\wsl_update_x64.msi

6 Set WSL 2 as the default

Open PowerShell as Administrator and run:

wsl --set-default-version 2

7 Download Kali

Open PowerShell as Administrator and run:

curl.exe -L https://aka.ms/wsl-kali-linux-new --output C:\Windows\Temp\wsl-kali-linux-new.appx

8 Install Kali

Open PowerShell as Administrator and run:

Add-AppxPackage C:\Windows\Temp\wsl-kali-linux-new.appx

and launch it once to finish the setup (the first run asks for a UNIX username and password for the default Kali user):

kali

9 Install git

Download the latest release of Git for Windows and install it.
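The eight scripted steps above, as one rerunnable script. This is an added example, not code from the original page: it checks each feature before enabling it (so a second run after the reboot continues where the first stopped) and refuses to execute a downloaded installer unless its Authenticode signature verifies, which the page's bare curl.exe and Add-AppxPackage calls do not do. URLs and paths are the ones used on this page; the signature gate, the Get-VerifiedDownload helper and the expected signer string are this example's own assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): steps 1 to 8 as one rerunnable script.
# Save as Prepare-Lab.ps1 and run it from an elevated PowerShell; run it again after the reboot.
$ErrorActionPreference = 'Stop'
$rebootNeeded = $false

# Step 1: RSAT (Windows 10 Pro; on Windows Server RSAT is a feature and this is skipped)
$rsatMissing = Get-WindowsCapability -Name 'RSAT*' -Online | Where-Object State -ne 'Installed'
if ($rsatMissing) {
    $rsatMissing | Add-WindowsCapability -Online | Out-Null
}

# Steps 2 to 4: Hyper-V, WSL and the Virtual Machine Platform, enabled only if not already on
foreach ($feature in 'Microsoft-Hyper-V', 'Microsoft-Windows-Subsystem-Linux', 'VirtualMachinePlatform') {
    if ((Get-WindowsOptionalFeature -Online -FeatureName $feature).State -ne 'Enabled') {
        $result = Enable-WindowsOptionalFeature -Online -FeatureName $feature -All -NoRestart
        if ($result.RestartNeeded) { $rebootNeeded = $true }
    }
}
if ($rebootNeeded) {
    Write-Warning 'Features enabled; reboot and run this script again to finish the WSL 2 steps.'
    return
}

# Download a file over HTTPS and refuse to hand it back unless its Authenticode signature
# verifies; optionally also require a given string in the signer's certificate subject.
# (Helper name and the signer check are this example's assumptions, not part of the page.)
function Get-VerifiedDownload {
    param(
        [Parameter(Mandatory)] [string]$Url,
        [Parameter(Mandatory)] [string]$Path,
        [string]$ExpectedSigner
    )
    # -f fails on HTTP errors instead of saving an error page, -L follows the aka.ms redirect
    curl.exe -fsSL $Url --output $Path
    if ($LASTEXITCODE -ne 0) { throw "download of $Url failed (curl exit code $LASTEXITCODE)" }

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = $sig.SignerCertificate.Subject
    if ($sig.Status -ne 'Valid' -or ($ExpectedSigner -and $subject -notlike "*$ExpectedSigner*")) {
        Remove-Item -Path $Path -Force
        throw "${Path}: signature check failed (status: $($sig.Status); signer: $subject)"
    }
    Write-Host "verified $Path (signer: $subject)"
    return $Path
}

# Step 5: kernel update package, installed silently through msiexec
$msi = Get-VerifiedDownload -Url 'https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi' `
                            -Path 'C:\Windows\Temp\wsl_update_x64.msi' -ExpectedSigner 'Microsoft Corporation'
Start-Process -FilePath msiexec.exe -ArgumentList "/i `"$msi`" /quiet /norestart" -Wait

# Step 6: new distributions default to WSL 2
wsl.exe --set-default-version 2

# Steps 7 and 8: Kali. Require a valid signature and print who signed the package.
$appx = Get-VerifiedDownload -Url 'https://aka.ms/wsl-kali-linux-new' -Path 'C:\Windows\Temp\wsl-kali-linux-new.appx'
Add-AppxPackage -Path $appx

# The distribution is registered on its first interactive launch ('kali' prompts for the
# UNIX user); after that it must be listed with VERSION 2.
Write-Host "Run 'kali' once to create the default user, then check with: wsl.exe --list --verbose"
```

The script stops and asks for a reboot as soon as any of the three optional features had to be enabled, because the WSL 2 steps only work once those features are active; a signature failure deletes the file so a bad download is never left in C:\Windows\Temp for a later step to pick up.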

AutomatedLab

To build and run the lab we use AutomatedLab.

AutomatedLab (AL) lets you set up test and lab environments on Hyper-V or Azure, with multiple products or just a single VM, in a very short time. There are only two requirements: the DVD ISO images of the operating systems, and a Hyper-V host or an Azure subscription.

1 Download and install the last release

We download AutomatedLab.msi from the latest release on GitHub and install it.

2 Set up AutomatedLab

Open PowerShell as Administrator and run:

powershell -ep bypass
Import-Module AutomatedLab
Install-Module -Name Pester -Force -SkipPublisherCheck
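A post-install sanity check for this step, as an added example that is not part of the original page. It confirms that AutomatedLab and its Pester dependency load, that the Hyper-V PowerShell module from step 2 is usable, creates the LabSources folder AutomatedLab keeps its ISOs and tooling in, and lists the ISOs it can see there. The cmdlet names are AutomatedLab's and Hyper-V's own; the E: drive letter is an assumption, pick a drive with room for the ISOs and the VM disks.

```powershell
# Added example (not from the original page): verify the AutomatedLab installation.
Import-Module AutomatedLab -ErrorAction Stop
Import-Module Pester -ErrorAction Stop
Get-Module AutomatedLab, Pester | Select-Object Name, Version

# AutomatedLab drives Hyper-V through the Hyper-V cmdlets, so they must exist and the host must answer
if (-not (Get-Command Get-VMHost -ErrorAction SilentlyContinue)) {
    throw 'Hyper-V PowerShell module not available; re-check step 2 (Enable Hyper-V)'
}
Get-VMHost | Select-Object Name, VirtualMachinePath, VirtualHardDiskPath

# LabSources holds the ISOs and tooling AutomatedLab needs. This creates it (fetching the
# folder skeleton from GitHub) if it does not exist yet. Drive letter E is an assumption.
New-LabSourcesFolder -DriveLetter E
$labSources = Get-LabSourcesLocation
"LabSources: $labSources"

# Only ISOs placed in LabSources\ISOs are usable as install media; an empty list here means
# the DVD ISO images still have to be downloaded before a lab can be built.
Get-LabAvailableOperatingSystem -Path (Join-Path $labSources 'ISOs') |
    Select-Object OperatingSystemName, Version, IsoPath | Format-Table -AutoSize
```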

Docker

To manage ELK as an air-gapped solution we need to host our own Elastic Package Registry.

For that we need to install Docker.

We download the latest stable release of Docker Desktop and install it.

Create a file at C:\startDocker.ps1 with the following content:

# Start the Docker engine service, give it a few seconds, then launch the Docker Desktop UI
Start-Service -Name com.docker.service
Start-Sleep -Seconds 10
Start-Process 'C:\Program Files\Docker\Docker\Docker Desktop.exe'

Run the following in an elevated PowerShell:

powershell -ep bypass
# Run C:\startDocker.ps1 at every boot, elevated, as the current (administrative) user
$trigger = New-ScheduledTaskTrigger -AtStartup
$action = New-ScheduledTaskAction -Execute "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument "-ep bypass -File C:\startDocker.ps1"
$settings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "Start Docker on Start up" -Settings $settings -User $env:UserName -RunLevel Highest

# Add the user to the docker-users local group
# Membership in this group is what grants access to the Docker service
try {
    Add-LocalGroupMember -Group docker-users -Member $env:UserName -ErrorAction Stop
} catch [Microsoft.PowerShell.Commands.MemberExistsException] {
    # Already a member: nothing to do
}

# Run Docker right now
C:\startDocker.ps1
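The scheduled task above runs C:\startDocker.ps1 with the execution policy bypassed and at the highest run level, at every boot. That makes the script file itself the thing to protect: whoever can modify it gets code execution at that level on the next boot. The check below is an added example, not code from the original page: it shows what the task runs and as whom, flags every ACE that lets a principal other than SYSTEM or Administrators write to the script, checks who owns the file, and tightens the ACL if needed. The task and script names are the page's; the allowed-principal list and the icacls policy are this example's own choices.

```powershell
# Added example (not from the original page): audit the autostart task and the script it runs.
$taskName   = 'Start Docker on Start up'
$scriptPath = 'C:\startDocker.ps1'

# 1. What the task runs, and with which principal and run level.
#    LogonType 'Interactive' means it only fires when that user is logged on.
$task = Get-ScheduledTask -TaskName $taskName -ErrorAction Stop
$task.Actions   | Select-Object Execute, Arguments
$task.Principal | Select-Object UserId, LogonType, RunLevel

# 2. Anyone who can change $scriptPath gets code at that run level on every boot
#    (-ep bypass means the execution policy is no barrier). Flag every Allow ACE that
#    grants a write-class right to a principal other than SYSTEM or Administrators.
$writeRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Delete -bor
               [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
               [System.Security.AccessControl.FileSystemRights]::TakeOwnership
# inherited entries can carry generic rights; include GENERIC_WRITE and GENERIC_ALL in the mask
$mask    = [int]$writeRights -bor 0x40000000 -bor 0x10000000
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'

$acl  = Get-Acl -Path $scriptPath
$weak = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $trusted -notcontains $_.IdentityReference.Value -and
    ([int]$_.FileSystemRights -band $mask) -ne 0
}

# The owner can always rewrite the DACL, so an untrusted owner is as bad as a weak ACE
if ($trusted -notcontains $acl.Owner) {
    Write-Warning "$scriptPath is owned by $($acl.Owner), who can rewrite its permissions"
    icacls.exe $scriptPath /setowner Administrators
}

if ($weak) {
    Write-Warning "Non-administrative principals can modify ${scriptPath}:"
    $weak | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
    # Tighten: stop inheriting from C:\, then allow only SYSTEM and Administrators (full control).
    # The task's user is an administrator (the task was registered from an elevated prompt),
    # so it keeps access through that group.
    icacls.exe $scriptPath /inheritance:r /grant:r 'SYSTEM:(F)' 'Administrators:(F)'
} else {
    "OK: only SYSTEM and Administrators can change $scriptPath"
}
```

The same reasoning applies to the folder the script lives in: C:\ root only allows file creation with elevation, which is why the page's location works, but if you move the script to a user-writable directory the ACL check above will tell you so on the next run.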

Summary

Open PowerShell as Administrator and run:

Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

Reboot

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

Reboot

curl.exe https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi --output C:\Windows\Temp\wsl_update_x64.msi
C:\Windows\Temp\wsl_update_x64.msi
wsl --set-default-version 2
curl.exe -L https://aka.ms/wsl-kali-linux-new --output C:\Windows\Temp\wsl-kali-linux-new.appx
Add-AppxPackage C:\Windows\Temp\wsl-kali-linux-new.appx
kali

We download and install the latest release of Git for Windows.

We download and install AutomatedLab.msi from the latest release on GitHub:

powershell -ep bypass
Import-Module AutomatedLab
Install-Module -Name Pester -Force -SkipPublisherCheck

We download and install the latest stable release of Docker Desktop.

Create a file at C:\startDocker.ps1 with the following content:

# Start the Docker engine service, give it a few seconds, then launch the Docker Desktop UI
Start-Service -Name com.docker.service
Start-Sleep -Seconds 10
Start-Process 'C:\Program Files\Docker\Docker\Docker Desktop.exe'

Run the following in an elevated PowerShell:

powershell -ep bypass
# Run C:\startDocker.ps1 at every boot, elevated, as the current (administrative) user
$trigger = New-ScheduledTaskTrigger -AtStartup
$action = New-ScheduledTaskAction -Execute "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument "-ep bypass -File C:\startDocker.ps1"
$settings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "Start Docker on Start up" -Settings $settings -User $env:UserName -RunLevel Highest

# Add the user to the docker-users local group
# Membership in this group is what grants access to the Docker service
try {
    Add-LocalGroupMember -Group docker-users -Member $env:UserName -ErrorAction Stop
} catch [Microsoft.PowerShell.Commands.MemberExistsException] {
    # Already a member: nothing to do
}

# Run Docker right now
C:\startDocker.ps1
