DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing.
All of the infrastructure, building, and testing of DetectionLab is currently funded by myself in my spare time. If you find this project useful, feel free to buy me a coffee using one of the buttons below!
This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts.
Read more about Detection Lab on Medium here: https://medium.com/@clong/introducing-detection-lab-61db34bed6ae
NOTE: This lab has not been hardened in any way and runs with default vagrant credentials. Please do not connect or bridge it to any networks you care about. This lab is deliberately designed to be insecure; the primary purpose of it is to provide visibility and introspection into each host.
When preparing to build DetectionLab locally, be sure to use the
prepare.[sh|ps1] scripts inside of the Vagrant folder
to ensure your system passes the prerequisite checks for building DetectionLab.
The primary documentation site is located at https://detectionlab.network
Please do all of your development in a feature branch on your own fork of DetectionLab. Contribution guidelines can be found here: CONTRIBUTING.md
A sizable percentage of this code was borrowed and adapted from Stefan Scherer's packer-windows and adfs2 Github repos. A huge thanks to him for building the foundation that allowed me to design this lab environment.
I would like to extend thanks to the following sponsors for funding DetectionLab development. If you are interested in becoming a sponsor, please visit the sponsors page.