Pro Lab / Offshore
by Ben Rollin
Offshore is a virtual simulated Active Directory network environment with the goal of helping users both develop and enhance their skills in network penetration testing.
The lab simulates a real-world engagement in which a tester is tasked with assessing the external perimeter, gaining an internal foothold and pivoting across multiple hosts and forests.
To track progress, there are multiple flags planted along the way as well as a few side challenges not required to advance within the Active Directory environment. Players can submit flags to earn a place in the Offshore Hall of Fame and receive badges for various stages of completion.
Offshore is designed to mimic a large corporate Active Directory network with a mix of Microsoft Windows operating system versions. The lab includes both Windows workstations and servers as well as components such as Internet Information Services (IIS), and Microsoft SQL Server (MSSQL), among others.
The network consists of multiple domains and forests which only become reachable after compromising certain hosts.
The lab also contains elements of a busy corporate network such as simulated users whose actions can be manipulated and leveraged to further access within the environment.
Offshore was design to appeal to a wide variety of users, everyone from junior-level penetration testers to seasoned testers as well as infosec hobbyists and even blue teamers, there is something for everyone. Players will pick up at least a few new tricks which can be immediately applied to real-world engagements or taken back to their organizations to help improve the overall security posture.
You are an agent tasked with exposing money laundering operations in an offshore international bank. Breach the DMZ and pivot through the internal network to locate the bank’s protected databases and a shocking list of international clients. OFFSHORE is designed to simulate a real-world penetration test, starting from an external position on the internet and gaining a foothold inside a simulated corporate Windows Active Directory network. Users will have to pivot and jump across trust boundaries to complete the lab.
The entry point for the lab is 10.10.110.0/24 once connected to the VPN. Users will start from an external perspective and have to penetrate the “DMZ” and then move laterally through the CORP.LOCAL, DEV, ADMIN and CLIENT forests to complete the lab.
The firewall at 10.10.110.3 is out-of-scope.