Red Team Labs

I maintain the notsoshant/rtlabs GitHub repo. This repository contains the code I use to build my local Active Directory labs and practice all sorts of attacks. It uses Vagrant and some PowerShell magic to build and configure the labs.

Structure of the Lab

This lab currently contains following machines:

  • A Domain Controller: Windows Server 2019
  • 2 Servers: Windows 2016
  • 1 Workstation: Windows 10
  • A Kali machine for attacking

List of Attacks this lab is vulnerable to

Currently none. The lab just deploys the VMs, configures the DC and joins other machines to the domain as of now.


My test environment was a Windows 11 machine with VMWare Workstation 16 and PowerShell 7.2. I have not tested this on Linux host with Linux-based PowerShell. I know I have used some PowerShell commands that aren’t supported by Linux version of PowerShell, but you’re free to experiment.

Also, the labs currently only support VMWare provider for Vagrant. I do plan to expand it to VirtualBox and Hyper-V provider in future.

Why not use Ansible instead of custom PowerShell scripts?

I wanted to honestly. But Ansible doesn’t love Windows hosts and I do. It wasn’t a perfect match. Also, I saw this as an opportunity to work on my PowerShell skills.


Note: Script assumes that the NAT device for VMware is the default vmnet8. If not, please update the config.json file.

First launch: On an elevated PowerShell run setup.ps1

After first launch: Just vagrant up on an unelevated shell should do

To customize the labs, like Domain name or Administrator password, modify the config.json file.

Thanks to

I’ve taken some inspiration from alaebov’s AD-lab. And the Vagrant boxes I’ve used are created by StefanScherer.

comments powered by Disqus