Adding Users to your Lab

Posted on January 05, 2023 · 5 mins read

Its been a while.

ohai

This blog post is long awaited and ultimately I needed time to de-stress from the day to day life. There is a lot going on in my personal life and these blog posts will be ad hoc as I mentioned when I first started. I am keen to keep going with them but there is a lack of energy that I have recently that is preventing me from doing too much on it. So I figured with the holiday season upon us, I would pour some of the energy I have into this passion project of mine and get it moving again.

But enough about the wos of my life. Lets get into this blog post with…..

Users - Who would have them

When we think about simulating an environment and making it look realistic, one of the most important things that we can include are users. Adding just a basic administrator user and moving on will result in a network that looks like a lab network and not a real environment as we want.

waitaminute

Ultimately whilst in reality this environment might not have APT level actors in it, it will have some of my friends who are red teamers and I will be asking them to simulate a real attack, so I need it to look real.

Creating the company persona

Now this is the fun part. This is where we get to make us the meat of the real company. “Who is who in the zoo” as it were. Making up names and positions and making them look real is the key to this.

  • Where is the company based?
  • What positions make sense for this company?
  • How big is the company?
  • What data should these users have access to?
  • How is your data protected by different security groups within Active Directory?
  • Is there a structure to this company or just the CEO and everyone under them?

These are all things you need to be asking yourself as you are coming up with the users that will make up your network.

Ultimately ive gone for a basic structure that any normal publicly listed company will have. We have a CEO, CIO, COO and CFO. Under them there are different staff and different functions but roles but this is the basic structure. As I know this network won’t be used for a real attack, I am purposely leaving little easter eggs for the attackers to find and have a giggle at.

sneaky

Adding the Users to the system

Now that you have your users in mind, there are many ways to get them added into Active Directory, and heaps of different tutorials on how to do this. Given I have setup something like this before, im going to use the method i know. Create a CSV file with the different columns and import it that way. Below is a gist to the script that i used to create my users. Use at your own peril the results are on you.

https://gist.github.com/parker67/844490458fe2f39b86ed7cf0c6d0ced5

SCREENSHOT OF CSV FILE HEADERS

csvheaders

Just a note that if you intend on using Non default groups (i.e. making new groups within AD) and have these in your CSV, you should make sure that you have added the groups before attempting to add the users otherwise you might get some erroring or they will not be added to the groups you expect.

What now?

So you have your users added…..

goodforyou

Whats next is making sure they all work. No point in having users if they don’t login successfully and you havn’t generated traffic for the users. Remember, these SIEM is always watching now so if a user hasn’t done anything on the network in 7 days, whats the point in them being there? Go out, generate some activity…… and in the next post ill talk about how I automated that so that it just runs randomly for each user.

evilburns

← Previous Post