Analysis updated 2026-05-18
Practice Kerberoasting and AS-REP Roasting attacks on a real Windows domain controller without expensive hardware.
Deploy a free-tier Azure Active Directory lab with a single script to study attack techniques safely.
Learn how Windows Active Directory domain controllers are configured by following the manual fallback setup steps.
Spin up a vulnerable GPO and share misconfiguration lab to practice permission-based attack scenarios.
| iamsavi0r/atlas | coder/enterprise-terraform | abhi1693/homelab | |
|---|---|---|---|
| Stars | 4 | 4 | 2 |
| Language | HCL | HCL | HCL |
| Last pushed | — | 2022-08-17 | — |
| Maintenance | — | Dormant | — |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 3/5 | 3/5 | 5/5 |
| Audience | researcher | ops devops | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires Azure CLI and Terraform installed, automation may need manual finishing steps if cloud latency causes domain provisioning to hang partway through.
ATLAS stands for Accessible Training Labs for Active-directory Security. It is an automation tool that builds intentionally vulnerable Windows Server environments where cybersecurity students and red teamers can safely practice attack techniques on Active Directory, the system Windows networks use to manage users and access permissions. Most similar tools require powerful computers with 20 or more gigabytes of RAM. ATLAS is specifically built to run on older hardware with as little as 4 to 8 gigabytes, or on a cloud account within its free tier at no cost. It does this by using a stripped-down Windows Server version called Server Core that runs without a graphical interface, and by provisioning virtual machines one at a time rather than all at once. To start a lab, you run a PowerShell script that shows an interactive menu. You pick which attack scenario to practice: Kerberoasting (an attack where an attacker requests and cracks service account passwords), AS-REP Roasting (a similar attack on accounts that skip a step called pre-authentication), or GPO and share misconfigurations (permission-based vulnerabilities). The script uses Terraform to provision the environment in Azure, configure the domain controller, and populate it with vulnerable accounts. When finished, it prints the IP address of the domain controller so you can point tools at it directly. The README notes the automation is in an early release state and occasionally requires finishing a few configuration steps by hand if cloud latency causes a provisioning step to hang. Cleanup is handled by re-running the same script and choosing the destroy option, which removes all cloud resources to avoid unexpected charges. The project plans to add more attack scenarios including ACL abuse and DCSync, plus templates for AWS alongside the existing Azure support.
An automation tool that spins up intentionally vulnerable Active Directory labs in Azure or on low-spec hardware, so students and security testers can practice Kerberoasting, AS-REP Roasting, and other Windows domain attacks.
Mainly HCL. The stack also includes HCL, Terraform, PowerShell.
Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.