Purple Cloud
Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment, automated with Terraform and Ansible Playbook templates for deployment in Azure. Purple Cloud also includes an adversary node implemented as a Docker container that is remotely accessible over RDP.
Quick Fun Facts:
- Deploys a pentest adversary Linux VM and Docker container (AriaCloud) accessible over RDP
- Deploys one (1) Windows 2019 Domain Controller and three (3) Windows 10 Pro Endpoints
- Automatically joins the three Windows 10 computers to the AD Domain
- Uses Terraform templates to automatically deploy in Azure with VMs
- Terraform templates write Ansible Playbook configuration, which can be customized
- Automatically uploads BadBlood (but does not install it), in case you prefer to generate thousands of simulated users: https://github.com/davidprowe/BadBlood
- Post-deployment PowerShell script provisions three domain users on the 2019 Domain Controller and can be customized for many more
- Domain Users: olivia (Domain Admin); lars (Domain User); liem (Domain User)
- All Domain User passwords: Password123
- Domain: RTC.LOCAL
- Domain Administrator Creds: RTCAdmin:Password123
- Deploys four IP subnets
- Deploys intentionally insecure Azure Network Security Groups (NSGs) that allow RDP, WinRM (5985, 5986), and SSH from the Public Internet. Secure this as per your requirements. WinRM is used to automatically provision the hosts.
- Post-deploy PowerShell script adds registry entries on each Windows 10 Pro endpoint so that the endpoint automatically logs in to the Domain as its respective user. This feature simulates a real AD environment in which workstations have interactive domain logons. When you attempt to RDP into the endpoints, the simulated adversary is met with:
AriaCloud Pentest Container – Automated Deployment
This repo now includes a Terraform template and Ansible Playbook that automatically deploy AriaCloud into an Azure VM with remote access over RDP. You can also do a standalone deployment of AriaCloud from within this repo. For this option, navigate into the aria-cloud directory and see the README. For more information on the AriaCloud Docker container and the included pentest tools, navigate to https://github.com/iknowjason/AriaCloud.
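For the intentionally open NSG rules listed under Quick Fun Facts, the following added example (not part of the Purple Cloud repo) checks an exported rule list for inbound Allow rules that leave SSH, RDP or WinRM reachable from any Internet source. It assumes the JSON shape printed by `az network nsg rule list`; the rule names and addresses in the sample are constructed, and the check does not evaluate rule priority or overriding Deny rules.

```python
import json

# Management ports the README says are exposed: SSH, RDP, WinRM over HTTP/HTTPS.
MGMT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM-HTTP", 5986: "WinRM-HTTPS"}
# Source prefixes that mean "any Internet host" in an NSG rule.
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}

def ports_matched(spec):
    """Return the management ports covered by one port spec ('*', '22', '5985-5986')."""
    if spec == "*":
        return set(MGMT_PORTS)
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    return {p for p in MGMT_PORTS if lo <= p <= hi}

def find_exposed_rules(rules):
    """List (rule name, service, port) for inbound Allow rules open to the Internet."""
    findings = []
    for r in rules:
        if r.get("direction", "").lower() != "inbound" or r.get("access", "").lower() != "allow":
            continue
        if r.get("protocol", "*").lower() not in ("tcp", "*"):
            continue
        sources = [r.get("sourceAddressPrefix") or ""] + list(r.get("sourceAddressPrefixes") or [])
        if not any(s.lower() in OPEN_SOURCES for s in sources):
            continue
        specs = [r.get("destinationPortRange") or ""] + list(r.get("destinationPortRanges") or [])
        for spec in filter(None, specs):
            for port in sorted(ports_matched(spec)):
                findings.append((r["name"], MGMT_PORTS[port], port))
    return findings

# Constructed sample in the assumed `az network nsg rule list` output shape.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-rdp", "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
 {"name": "allow-winrm", "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["5985-5986"]},
 {"name": "allow-ssh-admin", "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "22"},
 {"name": "allow-https", "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "443"}
]""")

if __name__ == "__main__":
    for name, svc, port in find_exposed_rules(SAMPLE_RULES):
        print(f"{name}: {svc} ({port}/tcp) is reachable from any Internet source")
```

Any rule it reports is a candidate for narrowing the source prefix to your own address range, as the SSH rule in the sample does.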