Phase One: Vulnerable Foundation

Establishing the "Technical Debt" Environment

Building a realistic enterprise infrastructure with deliberately vulnerable configurations. Two Windows Server 2022 machines, one Windows 11, one Ubuntu Server 24, and one Kali Linux: five .iso files, a folder with a few tools, and an endless appetite for learning more. After installing everything, I went through each Windows endpoint, disabled security settings, and essentially left the front door wide open. This sets the stage for attacking and remediating each vulnerability step by step in order to build comprehensive cybersecurity experience.

Status: Complete
Phase One GitHub (Diagnostics, Misconfigurations)
Phase One Medium (Setup Walkthrough, Vulnerability Verification)

What I Built

Five virtual machines simulating a vulnerable enterprise environment, each demonstrating realistic security misconfigurations that exist in production networks.

DC01 - Domain Controller (Windows Server 2022 • Active Directory)
Windows Server 2022 running Active Directory with weak password policies, disabled SMB signing, and Kerberoastable service accounts, simulating legacy enterprise configurations.

APP01 - Application Server (Windows Server 2022 • IIS • MySQL)
IIS web server with a MySQL database featuring cleartext credentials in configuration files, directory browsing enabled, and a Domain Admin app pool identity.

MGR1 - Executive Workstation (Windows 11 Pro • Domain Joined)
Windows 11 executive workstation with Domain Admin auto-logon credentials stored in the registry in cleartext, disabled security controls (Windows Firewall, UAC, event logging), and RDP enabled without Network Level Authentication.

SIEM01 - Security Monitoring (Ubuntu Server 24.04 • Splunk Enterprise)
Ubuntu Server running Splunk Enterprise, collecting Windows Security, System, Application, and Sysmon logs from all domain members (~90K events/day).

KALI - Attack Platform (Kali Linux • Penetration Testing Tools)
Kali Linux with a comprehensive penetration testing toolkit.

Active Risk Landscape

DC01 Vulnerabilities
  • SMB Signing Disabled (NTLM Relay)
  • LDAP Signing Disabled
  • NTLMv1 Authentication Allowed
  • Reversible Encryption Enabled
  • Service Accounts with SPNs (Kerberoast)
  • No Pre-Auth Required (AS-REP Roast)

MGR1 Vulnerabilities
  • Auto-Logon Domain Admin (Registry)
  • DA Password in Cleartext
  • RDP Enabled / NLA Disabled
  • Windows Firewall Disabled
  • UAC Disabled (EnableLUA=0)
  • Event Logging Disabled

APP01 Vulnerabilities
  • IIS Directory Browsing Enabled
  • Verbose Error Messages
  • DA App Pool Identity
  • Everyone:Full Control on wwwroot
  • MySQL Root Remote Access
  • Cleartext Credentials in web.config
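As an added example, not code from the project's own repository: a read-only PowerShell audit that reports the MGR1 misconfigurations listed above as findings. The registry paths are the standard Windows locations for these settings; nothing is changed, and the auto-logon password itself is never displayed.

```powershell
# Added audit script (not from the project's repo). Read-only; run elevated.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # missing key or value -> $null
}

$findings = @()
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$policies = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ts       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Auto-logon: AutoAdminLogon=1 plus a DefaultPassword value means a
#    cleartext password sits in the registry. Report presence only.
if ((Get-RegValue $winlogon 'AutoAdminLogon') -eq '1') {
    $user  = Get-RegValue $winlogon 'DefaultUserName'
    $hasPw = $null -ne (Get-RegValue $winlogon 'DefaultPassword')
    $findings += "AutoAdminLogon enabled for '$user'; DefaultPassword present: $hasPw"
}

# 2. UAC: EnableLUA=0 turns User Account Control off entirely.
if ((Get-RegValue $policies 'EnableLUA') -eq 0) {
    $findings += 'UAC disabled (EnableLUA=0)'
}

# 3. RDP: fDenyTSConnections=0 means RDP is on; UserAuthentication=0 on the
#    RDP-Tcp listener means Network Level Authentication is not required.
if ((Get-RegValue $ts 'fDenyTSConnections') -eq 0 -and
    (Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication') -eq 0) {
    $findings += 'RDP enabled without Network Level Authentication'
}

# 4. Firewall: flag every profile (Domain/Private/Public) that is switched off.
Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' } | ForEach-Object {
    $findings += "Windows Firewall disabled on profile '$($_.Name)'"
}

# 5. Event logging: EventLog service stopped, or the Security channel disabled.
$svc = Get-Service -Name EventLog -ErrorAction SilentlyContinue
if ($null -eq $svc -or $svc.Status -ne 'Running') {
    $findings += 'Windows Event Log service not running'
}
if (wevtutil gl Security | Select-String -Pattern '^enabled:\s*false') {
    $findings += 'Security event log channel disabled'
}

if ($findings.Count -eq 0) { 'No MGR1-style misconfigurations found.' }
else { $findings | ForEach-Object { "[FINDING] $_" } }
```

Each finding maps one-to-one to a bullet in the MGR1 list, so the same script can confirm that each remediation step later in the project actually took effect.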

Technical Analysis & Code

Writeup: Windows 11 Executive Workstation
When Business Beats Best Practice: MGR1 Configuration

Writeup: Active Directory Vulnerabilities
Understanding AD Attack Vectors Through Intentional Misconfiguration

Writeup: Web Server & Database Exposure
IIS Misconfigurations, MySQL Exposure, and Path to Domain Admin

MGR1 Configuration Detail
Vulnerable executive workstation setup with verification scripts

DC01 Configuration Detail
Domain Controller misconfigurations and Active Directory setup

APP01 Configuration Detail
Vulnerable web server, IIS, and MySQL database configuration

Learning Resources & External References

MITRE ATT&CK Framework
Enterprise tactics and techniques mapped to Phase 1 vulnerabilities

Active Directory Documentation
Microsoft's official AD DS reference and best practices

SwiftOnSecurity Sysmon Config
Industry-standard Sysmon configuration for endpoint monitoring

VirtualBox Documentation
Hypervisor configuration and NAT network setup reference

IIS Documentation
Microsoft Internet Information Services configuration and security

MySQL Documentation
Database security best practices and configuration reference

Project Timeline

1. Phase 1 - Vulnerable Foundation (Complete)
2. Phase 2 - SIEM Fundamentals (Complete)
3. Phase 3 - Red Team Ops (Planned)
4. Phase 4 - Detection Engineering (Planned)
5. Phase 5 - Purple Team Ops (Planned)