Post cover image

June 3, 2026

Hacking Outpost (Active Directory Pentest) — From Recon to Root (Part 1)

Whats up guys, its been awhile.

Calvary

2 min read

This is my first blog post in the year 2026……….

Crazy how its already June (time just flies)

Anyway, I recently created an Active Directory Lab named Outpost.

I open sourced it, so its available on Github:

GitHub - Calvaryyy/Outpost: An independent Active Directory home lab built completely from scratch… An independent Active Directory home lab built completely from scratch for full-chain Red Teaming. Mirrors a realistic…

Honestly, I didnt want to create it in the first place. It was pretty much forced on me to do so.

Here's the backstory:

I wanted to setup a lab on my PC to practice Red Teaming, so of course I picked GOAD (Game of Active Directory), GOAD-Light in particular.

But installation was a nightmare, from one issue to another, things just weren't working and time was going.

Eventually, I lost patience and said to myself "screw it, I'll just build it myself" and voila — we are here!!!

Outpost is an Active Directory home lab built to practice Active Directory pentesting and also Red Teaming.

It is made of 3 virtual machines:

  • Windows 2025 Server (which is the Domain controller in addition to the Email Server).
  • 2 Windows 10 workstations

As you can already tell, I setup an email server using hMail and Thunderbird. (hMail is the email server and Thunderbird is the email client).

This whole focus of this lab is being realistic, most AD labs out there just aren't realistic enough and I'm just sick of all that.

How do ethical hackers actually improve if they are being trained on environments that don't mirror the real world.

Sighs…………………

Enough ranting, focus, focus……….

deep breath, deep breath………

In order to make Outpost as realistic as possible, I left Microsoft Defender (or is it called Windows Defender, hmmmm………………………. Idk tbh 😂)

Anyway, Sysmon is also installed and running on all 3 VMs.

And like I said previously ( why do I keep on repeating myself 😩) I have the Email Server running, with 2 email addresses created ( 1 for each Windows 10 workstation) so feel free to also practice your phishing skills.

It was kinda the main point though (to get in via phishing and escalate to Domain Controller and maybe also become SYSTEM on all 3 VMs if you want to go extra).

I haven't done that

(its not skill issues, I promise 😭 😭 😭 😭 😭)

I'll be writing a walkthrough on how to do that soon.

Actually before that, I would first write a walkthrough where I walk through the regular AD pentest process of username enumeration, bruteforcing etc.

So this is really the first post in a series of post, I look forward to walking through this journey with you all.

Go check out Outpost on Github and give it stars please 🥺 🥺.

If you're feeling lazy to scroll back up, here is the link once more:

GitHub - Calvaryyy/Outpost: An independent Active Directory home lab built completely from scratch… An independent Active Directory home lab built completely from scratch for full-chain Red Teaming. Mirrors a realistic…

I would also appreciate feedback, so got anything you'll like to add, or any observation, just let me know, let us all grow together.