AD Privesc with Empire

AWS


Last updated 4 months ago

The lab environment for this workshop is hosted on Amazon Web Services (AWS) to ensure maximum convenience and a seamless experience for all participants. The workshop setup includes a base virtual machine (VM) for our Command and Control (C2) server, alongside a fully configured Active Directory (AD) domain. This domain features a bastion host (serving as a VPN concentrator), three domain controllers, and a workstation. While it's technically possible to host this setup locally, leveraging AWS provides a more streamlined, reliable, and scalable solution to ensure the best possible learning environment.

Walkthrough: Creating a New AWS Account and Generating IAM Secrets with Full Administrator Access

A full video walkthrough can be found here:

Open your browser and navigate to https://signin.aws.amazon.com/signup?request_type=register

  1. You will be asked to provide a root user email address as well as an AWS account name. Please fill out these values accordingly.

  2. When done, click the Verify email address button.

  3. After verification of your email, you will be asked to create a root user password. Please create a secure password and remember it, or use a password manager.

  4. AWS will ask for additional details. Please fill out the appropriate values; don't worry, they do not send you spam (at least they never have to me).

  5. AWS will ask you to provide a payment method. Fill out the appropriate values.

  6. AWS will ask to verify your identity via a phone call or text message.

  7. Lastly, AWS will ask you to select a support plan. Select Basic support.

Congratulations, you have now created your account and should be able to sign in to the management console at https://aws.amazon.com/

Once logged in, you will be greeted with a console dashboard.

  1. Navigate to IAM (Identity and Access Management) by clicking on the IAM button if visible or by typing IAM in the search bar.

  2. Click Users on the left-hand side.

  3. Click Create User.

  4. Provide a username, such as terraform or robodeploy.

  5. Click Attach Policies Directly.

Granting AdministratorAccess is typically discouraged. However, since this Terraform deployment manages VPCs, routing tables, security groups and EC2 instances, it keeps the setup overhead down. If you are uncomfortable with AdministratorAccess, make sure to delete the user after the workshop ends.

  6. Search for AdministratorAccess.

  7. Click the little square so the box is checked and then click Next (you might have to scroll down to reveal the Next button).

  8. You will be taken to a Review page. Click the Create user button.

  9. Once created, select the user from the overview and click on the Create access key button.

  10. Select Command Line Interface (CLI) as the use case.

  11. Check the Confirmation button.

  12. You can skip the description tag and just click the Create access key button.

  13. Note your Access key and Secret Access Key, as you will need these for Terraform later.

Congratulations, this is the end of the AWS setup guide. Again, make sure to keep the access key and secret access key handy, as we will need them later.
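The note above recommends deleting the IAM user once the workshop is over. The following is an added example, not part of the original workshop material, of doing that with the AWS CLI. It assumes the CLI is installed and authenticated as a different principal that may manage IAM; the function name `remove_workshop_user` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the workshop): remove the IAM user created in this
# guide together with its administrator credentials.
# Assumption: the AWS CLI is configured with a principal other than the user
# being removed. Covers what this walkthrough creates: access keys and a
# directly attached managed policy.

# remove_workshop_user <user-name>   (hypothetical helper name)
# IAM refuses to delete a user that still owns access keys or has policies
# attached, so those are revoked first.
remove_workshop_user() {
    user="$1"
    [ -n "$user" ] || { echo "usage: remove_workshop_user <user-name>" >&2; return 2; }

    # 1. Delete every access key. This invalidates the secret handed to Terraform.
    keys=$(aws iam list-access-keys --user-name "$user" \
        --query 'AccessKeyMetadata[].AccessKeyId' --output text) || return 1
    for key in $keys; do
        [ "$key" = "None" ] && continue   # text output prints None for a null result
        aws iam delete-access-key --user-name "$user" --access-key-id "$key" || return 1
    done

    # 2. Detach directly attached managed policies (AdministratorAccess here).
    arns=$(aws iam list-attached-user-policies --user-name "$user" \
        --query 'AttachedPolicies[].PolicyArn' --output text) || return 1
    for arn in $arns; do
        [ "$arn" = "None" ] && continue
        aws iam detach-user-policy --user-name "$user" --policy-arn "$arn" || return 1
    done

    # 3. The user now has nothing left that blocks deletion.
    aws iam delete-user --user-name "$user" || return 1
    echo "removed IAM user $user"
}

# Run only when a user name is given on the command line, e.g.
#   ./remove_workshop_user.sh terraform
if [ "$#" -gt 0 ]; then
    remove_workshop_user "$1"
fi
```

If the user was also given console access, group memberships or inline policies, those must be removed as well before `delete-user` succeeds.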