Atomic Attack Lab Overview - ethanhillas/Atomic-Attack-Lab GitHub Wiki
Infrastructure Overview
Atomic Attack Lab consists of three infrastructure groups: victim infrastructure, attack infrastructure, and public infrastructure.
Victim Infrastructure
The resources here are the "victims" during attack simulations. The infrastructure is made up of a Windows domain that mimics a small production deployment, plus two Linux servers.
Attack Infrastructure
The attacker infrastructure is made up primarily of an Ubuntu-based Caldera server. The OVPN client pool for attacker machines (e.g. humans on keyboards) also lies in the attacker infrastructure.
Public Infrastructure
The public infrastructure is quite limited, on purpose. The aim of Atomic Attack Lab was to isolate traffic from the internet and provide a somewhat controlled environment. This was achieved by deploying OpenVPN as the method of accessing the private subnets where all the action takes place. We still needed a way to grant outbound internet access for various things, mostly to allow EDR products to phone home. This was done through a NAT gateway.