explaingit

iamsavi0r/atlas

Analysis updated 2026-05-18

4HCLAudience · researcherComplexity · 3/5Setup · moderate

TLDR

An automation tool that spins up intentionally vulnerable Active Directory labs in Azure or on low-spec hardware, so students and security testers can practice Kerberoasting, AS-REP Roasting, and other Windows domain attacks.

Mindmap

mindmap
  root((ATLAS))
    What it does
      Vulnerable AD labs
      Attack scenario practice
      Cloud or local deploy
    Tech Stack
      Terraform HCL
      PowerShell
      Azure cloud
      Windows Server Core
    Attack Scenarios
      Kerberoasting
      AS-REP Roasting
      GPO misconfigs
    Audience
      Security students
      Red teamers
      Low-spec users
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Practice Kerberoasting and AS-REP Roasting attacks on a real Windows domain controller without expensive hardware.

USE CASE 2

Deploy a free-tier Azure Active Directory lab with a single script to study attack techniques safely.

USE CASE 3

Learn how Windows Active Directory domain controllers are configured by following the manual fallback setup steps.

USE CASE 4

Spin up a vulnerable GPO and share misconfiguration lab to practice permission-based attack scenarios.

What is it built with?

HCLTerraformPowerShellAzureWindows Server Core

How does it compare?

iamsavi0r/atlascoder/enterprise-terraformabhi1693/homelab
Stars442
LanguageHCLHCLHCL
Last pushed2022-08-17
MaintenanceDormant
Setup difficultymoderatemoderatehard
Complexity3/53/55/5
Audienceresearcherops devopsops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 1h+

Requires Azure CLI and Terraform installed, automation may need manual finishing steps if cloud latency causes domain provisioning to hang partway through.

In plain English

ATLAS stands for Accessible Training Labs for Active-directory Security. It is an automation tool that builds intentionally vulnerable Windows Server environments where cybersecurity students and red teamers can safely practice attack techniques on Active Directory, the system Windows networks use to manage users and access permissions. Most similar tools require powerful computers with 20 or more gigabytes of RAM. ATLAS is specifically built to run on older hardware with as little as 4 to 8 gigabytes, or on a cloud account within its free tier at no cost. It does this by using a stripped-down Windows Server version called Server Core that runs without a graphical interface, and by provisioning virtual machines one at a time rather than all at once. To start a lab, you run a PowerShell script that shows an interactive menu. You pick which attack scenario to practice: Kerberoasting (an attack where an attacker requests and cracks service account passwords), AS-REP Roasting (a similar attack on accounts that skip a step called pre-authentication), or GPO and share misconfigurations (permission-based vulnerabilities). The script uses Terraform to provision the environment in Azure, configure the domain controller, and populate it with vulnerable accounts. When finished, it prints the IP address of the domain controller so you can point tools at it directly. The README notes the automation is in an early release state and occasionally requires finishing a few configuration steps by hand if cloud latency causes a provisioning step to hang. Cleanup is handled by re-running the same script and choosing the destroy option, which removes all cloud resources to avoid unexpected charges. The project plans to add more attack scenarios including ACL abuse and DCSync, plus templates for AWS alongside the existing Azure support.

Copy-paste prompts

Prompt 1
Set up the ATLAS Kerberoasting lab in Azure using Terraform and walk me through running GetUserSPNs.py against the deployed domain controller IP.
Prompt 2
Explain what AS-REP Roasting is and show me how to use GetNPUsers.py against the ATLAS lab to find accounts with pre-authentication disabled.
Prompt 3
The ATLAS atlas.ps1 script hung after the first reboot. Walk me through the manual domain controller setup steps in labs/level-1-basic/README.md.
Prompt 4
After finishing ATLAS lab practice, walk me through the cleanup step to destroy all Azure resources and avoid free-tier overages.
Prompt 5
What attack scenarios does ATLAS support, and how do I add a custom vulnerable account to the Kerberoasting lab environment?

Frequently asked questions

What is atlas?

An automation tool that spins up intentionally vulnerable Active Directory labs in Azure or on low-spec hardware, so students and security testers can practice Kerberoasting, AS-REP Roasting, and other Windows domain attacks.

What language is atlas written in?

Mainly HCL. The stack also includes HCL, Terraform, PowerShell.

How hard is atlas to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is atlas for?

Mainly researcher.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub iamsavi0r on gitmyhub

Verify against the repo before relying on details.