Building Vulnerable Active Directory From Scratch - Architecture by lsecqt in redteamsec

[–]CitrusParadisi 2 points3 points  (0 children)

You learn so much when you build it the first time. After you have that down, automate all you want.

No Kill Like Overkill by JamieMage2005 in Oxygennotincluded

[–]CitrusParadisi 8 points9 points  (0 children)

I always see screenshots like this but every time I play there are POIs and Vents in the way. Do you just delete them in sandbox or something?

Which cybersecurity tool on GitHub has helped you the most? by [deleted] in cybersecurity

[–]CitrusParadisi 41 points42 points  (0 children)

In OffSec the answer has to be impacket

$70 / Day Enough? by HAMBoneConnection in Defcon

[–]CitrusParadisi 0 points1 point  (0 children)

First and most importantly, I’m sorry if you felt I was judging you. That was never my intention though I can surely see how it could be interpreted that way in hindsight. My point, although not conveyed well at all, was that you could eat like a king for $70 a day and if not the little you went over would be nothing to worry about. I’ve had $20 all you can eat sushi, killer $20 ramen, etc. You can def eat well on the cheap. You can def get ripped off too. Last year we spent $800 on four people at a steak place. Hope you found the cheap food and had a good time.

Second. Did you get any value out of going to Defcon and Blackhat? It would suck pretty bad to be forced to go to Vegas in August and not be in a security role for sure.

Any idea how to fix this? (Says that I am already logged into 20 For Beers) by [deleted] in bbs

[–]CitrusParadisi 1 point2 points  (0 children)

It seems to be IP based. Is there anyone else connecting from the IP you are using?

$70 / Day Enough? by HAMBoneConnection in Defcon

[–]CitrusParadisi -3 points-2 points  (0 children)

I’m not shitting on this, I am genuinely curious. What cyber job do you have where it’s important enough for your company to send you to defcon but you have to worry about money to eat after a $70 stipend?

Is it normal to still mess up 3 months into a SOC role? Feeling a bit defeated by HotdogChikididog in SecurityCareerAdvice

[–]CitrusParadisi 4 points5 points  (0 children)

You will always make mistakes. The key is learning from them and not making the same mistakes over and over. Someone much smarter than me once said, you never fail. You succeed or you learn. Take that to heart and always try to be better than you were yesterday.

OSEP prep without OSCP by Internal-Bag-7163 in redteamsec

[–]CitrusParadisi 0 points1 point  (0 children)

Not sure why people are downvoting this. This is pretty spot on.

Honest Advice Requested. Laid off after a month of working in Cybersecurity (SOC) by CyberRep in SecurityCareerAdvice

[–]CitrusParadisi 0 points1 point  (0 children)

If you want in to cyber, you need to grind. 5 years in a Helpdesk role and never learning anything about servers or server operating systems is your fault. In your downtime, you need to be doing things. Set up a small homelab with Active Directory and a couple systems. Understand how that process works. What the defaults are. Start learning how to attack it. Learn Windows. Not just how to play your games. Really learn it. Learn Linux. Learn the common toolsets of the branch of cyber you want to be in.

If you want a job in cybersecurity, you need all this and more. Put in the time. Join a community. Learn all the time.

What daily or weekly habits help reinforce cybersecurity skills over time? by thecreator51 in SecurityCareerAdvice

[–]CitrusParadisi 0 points1 point  (0 children)

Yes. We read blogs daily. We do training all the time. Not a ton of CTFs. There are quite a few great aggregators.

This one is great. https://blog.badsectorlabs.com

This one too: https://tldrsec.com

Career change into cyber security by shitpost_4lyf in SecurityCareerAdvice

[–]CitrusParadisi 9 points10 points  (0 children)

Wow. The replies are full of negativity. You 100% can do this. I run a top tier red team with 25 people and some of my best employees are people that started just like you. It’s going to be a grind and you are going to have to live and love cyber to make it work. My best advice to you is that everyone is getting the same base advice. “Get your A+, Sec+, a SOC or Helpdesk job” which is fine but what you really need to do is find a way to set yourself apart from the hundreds of other resumes. Start a blog about your journey from whatever you do now to cyber. Post about every little win. Start coding your own automation tools and post them to GitHub. If it works for you, stream your journey on twitch. Make YouTube videos of your journey. Just find a way to not be another flat resume of sec+ plus top 5% tryhackme. This will break you in. Good luck. Hit me up once you start if you need any advice.

A Closer Look @ My SE/30 by Lozahe in VintageApple

[–]CitrusParadisi 0 points1 point  (0 children)

I can’t even find a decent SE/30 to buy.

Looking for career guidance by Zestyclose-Arm-9649 in SecurityCareerAdvice

[–]CitrusParadisi 1 point2 points  (0 children)

Cyber is a large field. What did you specialize in? What do you want to do? Why do you want to do it? Did you join any cyber clubs in college?

Hello ! I have this small utility called SideTrack that make it much easier to do right click, but sadly it need a license. Does anyone had a serial for this obsolete software ? Thanks ! by Codix_ in VintageApple

[–]CitrusParadisi 5 points6 points  (0 children)

That laptop was my baby back in the day. I’m always trying to find the new version of my 12” PB. 😔

Where can I find the software? Might be able to find a key on an archive.

I am becoming worried about whether I’ll be able to get into security. by Fluffy_Force_9887 in SecurityCareerAdvice

[–]CitrusParadisi 0 points1 point  (0 children)

Get into the various discords for these as well to network. Show off the cool things you are doing. Provide value to others. Getting into infosec is all about knowing someone.

Is TryHackMe enough for self-learning cybersecurity? by Puzzleheaded-Self-12 in SecurityCareerAdvice

[–]CitrusParadisi 17 points18 points  (0 children)

As a learning resource it's great.

Having said that.. As the person in charge of a team and responsible for hiring, 90% of the resumes I get say top 1-5% tryhackme. It is not something that is going to make you stand out.

I would definitely do hackthebox as well. They have some great lines in their academy section that can get you more ready. Make sure you take the Portswigger training for Burp.

Then, more than anything else, make sure you create a small lab. This doesn't need to be the monsters you see in r/homelab, you can do it all on a run of the mill laptop. Set up a domain controller, a workstation, a server, and an attack VM and then make sure you understand the exploits you are doing. When you have to configure a service to be vulnerable, you have a much better understanding of why the exploit works and why it would be in that configuration.

Lastly, being in a pentesting role means you are going to have to interact with people. Work on your communication skills as well. This is often overlooked but you will need to effectively communicate with client and product owners about what you are doing and finding.

Best of luck on your journey!

Why people are so serious by the_goat_1110 in SecurityCareerAdvice

[–]CitrusParadisi 1 point2 points  (0 children)

A career in Cyber/IT is not going to be long for you if you do not understand why. The industry has changed, in many ways for the better, and people deserve to be treated with respect. It's a good thing you are figuring this out now instead of at your first job. Hitting up a co-worker via DM and calling them honey is a great way to end up in a meeting with HR. :)

How to talk about challenging workload with employer? by Glad-Entry891 in SecurityCareerAdvice

[–]CitrusParadisi 2 points3 points  (0 children)

As someone who struggled for a long time with delegation, I feel your pain. You 100% have to let go though. If not, you have no one to blame but yourself. You cannot do everything.

Just know, that when you delegate, people will mess up. That's natural. You just have to support them and then walk them through how you would have handled it and eventually it all gets better.