The Defensive Origins Lab (DO-LAB) Environment is used during the Defensive Origins training classes by Defensive Origins, AntiSyphon Training, and Black Hills Information Security.
Click the button below to start the deployment of the Defensive Origins Lab Environment within your Azure account.
While the deployment within Azure should be region-agnostic, some deployed resources may not be available in all regions. The following locations have been specifically tested:
- US East (any)
- US West (any)
- US Central (any)
Are you attending a Defensive Origins training course that utilizes the Defensive Origins Azure Lab Environment? See the links below for additional information on the DOAZLab Pre-Requisites for Defensive Origins training courses.
Assumed Compromise - Methodology With Detections and Microsoft Sentinel
Attack Detect Defend:
Applied Purple Teaming:
- Windows Server 2022 w/ Active Directory
- Domain: doazlab.com
- Windows Workstation
- Ubuntu 22.04 LTS
- Sysmon Installation on Server and Workstation
- Microsoft Sentinel & Log Analytics
- Open Threat Research Forge: https://github.com/DefensiveOrigins/DO-LAB
- Microsoft Sentinel2Go: https://github.com/OTRF/Microsoft-Sentinel2Go
- OTRF Blacksmith Components: https://github.com/OTRF/Blacksmith
- Roberto Rodriguez (@Cyb3rWard0g)
- Sysmon Modular: https://github.com/olafhartong/sysmon-modular/wiki
- GPLv3