APT-PR1

README.md

@@ -1,124 +1,22 @@
 # Applied Purple Teaming 
-* A [Defensive Origins Curriculum and Training Project][1]
-* Hosted by: [Wild West Hackin Fest Antisyphon][2] Training
-
-
-![](../Z-images/APT-June2020.jpg)
-
+![](images/APT1.jpg)
 
 ## Course Pre-Requisites
 
-**All labs for this course will be completed in the Azure lab environment.**
-
-### Step One
-
-**Option 1**: Sign up for an Azure account and claim the $200 free credit for new accounts.
-
-https://azure.microsoft.com/en-us/free/
-
-**Option 2**: Request access to a corporate (your company, business, from your IT operations department, help desk, CIO, CISO, CTO) subscription for this class. The subscription will require the following:
-
-* Three virtual machines, 2 CPUs each, 3.5 GB RAM each
-* Three public IPs
-* AZ Sentinel
-* Log Analytics
-
-![][Div1]
-
-
-### Step Two
-
-Deploy the Defensive Origins AZLab from doazlab.com:
-[DOAZLab][DOAZLab]
-
-![](images/prls2-1.jpg)
-
-Or, you can view the operations in more detail on Github:
-[DOAZLab-Github][DOAZLab-Github]
-
-![](images/prls2-2a.jpg)
-
-And, deploy via the README with one click!! 
-
-**Be sure you are in a browser session you are either comfortable authenticating to Azure or you already have an authenticated session.**
-
-![](images/prls2-2b.jpg)
-
-Next up you will choose your subscription, resource group, and log analytics workspace. For easy deployments and cleanup, a general recommendation is to create a new resource group and log analytics workspace. 
-
-![](images/prls2-3.jpg)
-
-Feel free to modify the size of your VMs should you so choose. The default selections made for this course have been tested thoroughly and represent a balance of performance and cost. 
-
-![](images/prls2-4.jpg)
-
-The next step in your custom deployment is to confirm the public IP space. Feel free to limit this range more specifically to your known and trusted addresses. 
-
-**Please be aware that a demonstration will be provided and a discussion around this exposure and that leaving this address wide open (0.0.0.0/0) presents an interesting perspective of the Internet and the risks of exposing services there.**
-
-![](images/prls2-5.jpg)
-
-That is pretty much it for the configuration of your ARM template based deployment of the DO AZ lab environment. The next screenshot includes a warning about agreeing to the terms on Microsoft.
-
-![](images/prls2-6.jpg)
-
-Whether you agree or not, should you choose to click Create, you implicitly do.
-
-![](images/prls2-7.jpg)
-
-![][Div1]
-
-
-### Step Three
-
-**Connect your log sources prior to class start!**
-
-Find your Log Analytics workspace which will depend on your naming convention and will differ from the name shown in the screen below.
-
-![](images/prls3-1.jpg)
-
-Click through to the Log Analytics workspace. Once there, scroll down and choose virtual machines under the "Workspace Data Sources" section. 
-
-![](images/prls3-2.jpg)
-
-As shown below, your initial connection to the lab will require connecting each VM to the workspace.
-
-![](images/prls3-3.jpg)
-
-Click on each virtual and complete the initial connection process. 
-
-![](images/prls3-4.jpg)
-
-![][Div1]
-
-
-### Step Four
-
-Gather your public IP addresses. 
-
-**https://portal.azure.com/#home --> Resource groups --> <DO_Lab_Resource_Group> --> Resources --> Filter --> "public"**
-
-![](images/prls4-1.jpg)
-
-Click through each resource to gather the assigned public IP addresses.
-
-![](images/prls4-2.jpg)
-
-As you gather them up, document them! The addresses in the list below do not represent your IP addresses.
-
-* DC Public IP: 13.67.200.257
-* Nux Public IP: 40.86.95.257
-* WS Public IP: 13.86.95.257
+The following pre-requisites are required before the first day of class.
 
+* GitHub (Free or Upgraded) Account [ [Instructions](labs\GitHub.md) ]
+* Azure "Upgraded" (Pay-As-You-Go) Account. [ [Instructions](labs\AzureAccount.md) ]
+* Deployment of DOAZLab.com in their  Azure Subscription [ [Instructions](labs\DOAZLab.md) ]
 
 ![][Div1]
 
 Copyright - All Rights Reserved, Defensive Origins LLC
 
-![][Div2]
 
-  [Div1]: ../Z-images/divider%201.png
-  [Div2]: ../Z-images/divider%202.png
+
+  [Div1]: images/div1.png
+  [Div2]: images/div2.png
   [DO]: https://www.defensiveorigins.com
   [DOAZLab]: https://www.doazlab.com
   [DOAZLab-Github]: https://github.com/DefensiveOrigins/DO-LAB
@@ -127,8 +25,4 @@ Copyright - All Rights Reserved, Defensive Origins LLC
   [DOAboutUs]: https://defensiveorigins.com/about-us
   [WWHF]: https://wildwesthackinfest.com/
   [1]: https://defensiveorigins.com/
-  [2]: https://wildwesthackinfest.com/training/
   [DOImage]:Z-images/do_darkbackground.jpg
- [Cheat-Sheets]:9-Others/Cheatsheets/
- [APTv8-DigitalBook]:AppliedPurpleTeaming-8thEdition.pdf
- [Survey]:https://forms.office.com/Pages/ResponsePage.aspx?id=ezi0P6h7Wky98F15YOOzAxFXFOo3MeNFpviudN0SuLhUMDNCT1NYWk5QWjlHUkMyMVhJVjFJTjhQMy4u

labs/AzureAccount.md

@@ -0,0 +1,117 @@
+# APT Pre-Requisite : Azure Account (Upgraded)
+
+Students are required to have an upgraded Azure account.  
+
+## Important notes:
+* It is not possible to operate the course lab on an Azure account that has not been upgraded.
+* A valid credit card is required to upgrade an Azure free-tier account to a paid account.
+* Creating an Azure account is free.
+* Azure components operated in the course cost approximately USD $10/day
+
+## Azure account
+There are two options for setting up an Azure account.  Generally speaking, we recommend using option 1 unless your organization offers to pay for the lab portions of this course on an existing enterprise Azure account.  
+
+**Option 1: New free Azure Account**
+<blockquote>
+
+Sign up for an Azure account and claim the $200 free credit for new accounts.
+
+https://azure.microsoft.com/en-us/free/
+
+* After your free account is provisioned, upgrade the free account to a paid account.  
+* At the time of writing, Azure offered $200 in free credits for new accounts, including free accounts that are upgraded.  
+</blockquote>
+
+<Details><summary> Step 1: Create Azure Account</summary>
+
+Go to https://azure.microsoft.com/en-us/free/ and click on "Pay as you go"
+
+| ![](../images/az1.png) | 
+|------------|
+
+Next, click on "Get Started"
+
+| ![](../images/az2.png) |
+|------------|
+
+You will next be required to login with a Microsoft Online account.  If you do not already have one, click on "Create Account", otherwise login with our Microsoft Account.  
+
+| ![](../images/az3.png) |
+|------------|
+
+After Logging in, you will need to enter your contact information. 
+
+| ![](../images/az4.png) |
+|------------|
+
+After validating identity with either a TXT or phone all, press NEXT and enter Paying Information.
+
+| ![](../images/az5.png) |
+|------------|
+
+After entering Billing Information, select a technical support plan.  Generally speaking, we suggest "No technical support.
+
+| ![](../images/az6.png) |
+|------------|
+
+Pressing "Sign up" will finish the registration process.
+
+After the process is completed, the screen will refresh and you will be provided a link to "Go To the Azure portal".  This can also be accomplished by accessing https://portal.azure.com. 
+
+| ![](../images/az7.png) |
+|------------|
+
+</details>
+
+<Details><summary> Step 2: Confirm Subscription</summary>
+
+Continuing from the previous step, click on "Go To the Azure Portal" or goto https://portal.azure.com.
+
+From the Azure Portal, click on "Microsoft Azure" in the upper left corner, then select "Subscriptions"
+
+| ![](../images/az8.png) |
+|------------|
+
+You should only see one subscription.  Click on the name of the subscription.
+
+| ![](../images/az9.png) |
+|------------|
+
+This will show a new pane in the portal.  Ensure that the "Plan" associated with the Subscription does not say "Free"
+
+| ![](../images/az10.png) |
+|------------|
+
+You are ready to move on to the next step of the pre-requisites: Deploying the lab environment.
+
+</details>
+
+**Option 2: Existing Azure ACcount/Corporate Account**
+<blockquote>
+If your organization already operated a corporate Azure account, you may required access to deploy the lab environment within your corporate Azure subscriptions.
+Request access to a corporate (your company, business, from your IT operations department, help desk, CIO, CISO, CTO) subscription for this class. The subscription will require the following:
+
+* Three virtual machines, 2 CPUs each, 3.5 GB RAM each
+* Three public IPs
+* AZ Sentinel
+* Log Analytics
+
+</blockquote>
+
+
+![div2]
+
+Copyright - All Rights Reserved, Defensive Origins LLC
+
+  [Div1]: ../images/div1.png
+  [Div2]: ../images/div2.png
+  [DO]: https://www.defensiveorigins.com
+  [DOAZLab]: https://www.doazlab.com
+  [DOAZLab-Github]: https://github.com/DefensiveOrigins/DO-LAB
+  [DOTraining]: https://training.defensiveorigins.com
+  [DORegister]: https://defensiveorigins.com/first-to-know/
+  [DOAboutUs]: https://defensiveorigins.com/about-us
+  [WWHF]: https://wildwesthackinfest.com/
+  [1]: https://defensiveorigins.com/
+  [2]: https://wildwesthackinfest.com/training/
+  [DOImage]:Z-images/do_darkbackground.jpg

labs/DOAZLab.md

@@ -0,0 +1,136 @@
+# Pre-Requisite : Deploy course Lab Environment (DOAZLab.com)
+
+![][Div2]
+
+Students are required to deploy the DOAZLab in their azure subscription.
+
+## Important Information
+* An "upgraded" or "Pay-as-you-go" Azure account is required to deploy the lab environment.  See other pre-requisite instruction if you do not yet have an Azure account.
+* The cost of the lab environment is approximately $10/day.
+* New Azure accounts are provided $200 in free credit that is credited within the first couple of days and can be used (automatically) for the DOAZLab deployment.  
+* Remember after the end of class delete your lab environment to ensure you have no unexpected fees from Azure.
+
+## Deploy Defensive Origins Azure Lab (DOAZLab)
+
+<Details><summary> <b> Step 1: Kickoff Deployment</b></summary>
+<blockquote>
+
+Deploy the Defensive Origins AZLab from doazlab.com:
+* https://www.doazlab.com
+
+[DOAZLab][DOAZLab]
+
+| ![](../images/prls2-1.jpg) |
+|----------------------------|
+
+Or, you can view the operations in more detail on Github:
+[DOAZLab-Github][DOAZLab-Github]
+
+| ![](../images/prls2-2a.jpg) |
+|----------------------------|
+
+
+And, deploy via the README with one click!! 
+
+**Be sure you are in a browser session you are either comfortable authenticating to Azure or you already have an authenticated session.**
+
+| ![](../images/prls2-2b.jpg) |
+|----------------------------|
+
+Next up you will choose your subscription, resource group, and log analytics workspace. For easy deployments and cleanup, a general recommendation is to create a new resource group and log analytics workspace. 
+
+| ![](../images/prls2-3.jpg) |
+|----------------------------|
+
+Feel free to modify the size of your VMs should you so choose. The default selections made for this course have been tested thoroughly and represent a balance of performance and cost. 
+
+| ![](../images/prls2-4.jpg) |
+|----------------------------|
+
+The next step in your custom deployment is to confirm the public IP space. Feel free to limit this range more specifically to your known and trusted addresses. 
+
+**Please be aware that a demonstration will be provided and a discussion around this exposure and that leaving this address wide open (0.0.0.0/0) presents an interesting perspective of the Internet and the risks of exposing services there.**
+
+| ![](../images/prls2-5.jpg) |
+|----------------------------|
+
+That is pretty much it for the configuration of your ARM template based deployment of the DO AZ lab environment. The next screenshot includes a warning about agreeing to the terms on Microsoft.
+
+| ![](../images/prls2-6.jpg) |
+|----------------------------|
+
+Whether you agree or not, should you choose to click Create, you implicitly do.
+
+| ![](../images/prls2-7.jpg) |
+|----------------------------|
+</blockquote>
+</details>
+
+<Details><summary> <b>Step 2: Connect Log Sources</b></summary>
+<blockquote>
+
+Find your Log Analytics workspace which will depend on your naming convention and will differ from the name shown in the screen below.
+
+| ![](../images/prls3-1.jpg) |
+|----------------------------|
+
+Click through to the Log Analytics workspace. Once there, scroll down and choose virtual machines under the "Workspace Data Sources" section. 
+
+| ![](../images/prls3-2.jpg) |
+|----------------------------|
+
+As shown below, your initial connection to the lab will require connecting each VM to the workspace.
+
+| ![](../images/prls3-3.jpg) |
+|----------------------------|
+
+Click on each virtual and complete the initial connection process. 
+
+| ![](../images/prls3-4.jpg) |
+|----------------------------|
+
+</blockquote>
+</details>
+
+<Details><summary> <b>Step 3: Gather Public IP Addresses for Access</b></summary>
+<blockquote>
+
+Gather your public IP addresses. 
+
+**https://portal.azure.com/#home --> Resource groups --> <DO_Lab_Resource_Group> --> Resources --> Filter --> "public"**
+
+| ![](../images/prls4-1.jpg) |
+|----------------------------|
+
+Click through each resource to gather the assigned public IP addresses.
+
+| ![](../images/prls4-2.jpg) |
+|----------------------------|
+
+As you gather them up, document them! The addresses in the list below do not represent your IP addresses.
+
+* DC Public IP: 13.67.200.257
+* Nux Public IP: 40.86.95.257
+* WS Public IP: 13.86.95.257
+
+
+</blockquote>
+</details>
+
+
+![div2]
+
+Copyright - All Rights Reserved, Defensive Origins LLC
+
+  [Div1]: ../images/div1.png
+  [Div2]: ../images/div2.png
+  [DO]: https://www.defensiveorigins.com
+  [DOAZLab]: https://www.doazlab.com
+  [DOAZLab-Github]: https://github.com/DefensiveOrigins/DO-LAB
+  [DOTraining]: https://training.defensiveorigins.com
+  [DORegister]: https://defensiveorigins.com/first-to-know/
+  [DOAboutUs]: https://defensiveorigins.com/about-us
+  [WWHF]: https://wildwesthackinfest.com/
+  [1]: https://defensiveorigins.com/
+  [2]: https://wildwesthackinfest.com/training/
+  [DOImage]:Z-images/do_darkbackground.jpg