-
Notifications
You must be signed in to change notification settings - Fork 354
Windows Infrastructure
P4T12ICK edited this page Feb 20, 2020
·
1 revision
The Attack Range can build different architectures based on the configuration in attack_range.conf. The user can enable/disable a Windows Domain Controller, Windows Server 2016 and Windows 10 Client. By enabling join_domain in attack_range.conf, the user can enable that the Windows Server 2016 and Windows 10 Client should join the domain.
Windows Remote Desktop (RDP) is turned on the different Windows Servers. This can be used to connect to the servers by using the user Administrator and the password defined in attack_range.conf.
All Windows Servers come pre-configured with a Splunk Universal Forwarder, which sends Windows Event Logs, Powershell Logs and Sysmon Logs to the Splunk Server.