This repository is a hands-on implementation and extension of the MYDFIR Cybersecurity Project: Active Directory 2.0, originally published on YouTube. It focuses on building a secure, functional Active Directory lab environment for blue team training.
- Deploy a realistic Windows-based Active Directory environment on the Vultr cloud network.
- Detect unauthorized logins with Splunk.
- Automate responses using Shuffle as our SOAR platform.
- Advanced understanding of SIEM concepts and practical application.
- Development of critical thinking and problem-solving skills in cybersecurity.
- Security Information and Event Management (SIEM) system for log ingestion and analysis.
- Vultr cloud platform
- Shuffle as our SOAR platform.
- Windows Server 2022 to host our Active Directory Domain Controller
- Ubuntu Server 22.04 used as our Splunk server
- Slack and an email address to receive notifications
- First, we need to create our Active Directory environment inside of Vultr.
Ref 1: Network Diagram