1. Home
  2. Ranges
  3. Kinetic

Kinetic

More Details

Primarily Windows focused attacks to include heavy pivoting & post-exploitation.

Windows Learning Objectives

  • The entire Windows pentesting lifecycle from Recon to Post-Exploitation.
  • Kinetic Range Goal: Provide the user with realistic scenarios and learning opportunities to become proficient in Windows Pentesting.
  • Services & Techniques
    •      SMB - Kerberos - WinRM - IIS - WMI - WebDAV - RPC
         Web Exploits - Password Reuse - Living off the Land - PS Remoting - Tunneling
  • Active Directroy Attack
    •      Kerberos & Trust Abuse - GPO Misconfigs - PtH - Attack Path Mapping - DA to EA
  • Cred Collection
    •      MsCachev2 - NTLM - Kerberos - DPAPI - 3rd Party Apps - Cred Manager

Exploits & Tools

  • Exploits
    •      ASREP Roasting - Kerberoasting - Unconstrained Delegation - Golden Tickets - SAM the Admin
         Token manipulation - Follina - PrintNightmare - SharePoint exploits - ACL/ACE abuse & More
         No Buffer Overflows or similar type of reversing or low-level binary exploitation.
  • Tools
    •      Impacket - CrackMapExec - Evil-WinRM - BloodHound - winPEAS - Metasploit Post modules - Chisel - C2's
  • Can be completed entirely on Kali Linux with a few extra tools or an outfitted pentesting Windows machine.

Unique Features:

  • Multiple Windows Domains
    • Exploit your way to Domain Admin multiple times! With 1 primary Domain and 4 others, all engineered to exploit.
    • Domains consist of fictional high-tech corporations with an all encompassing story-line providing hints along the way.
    • Experiment & tune publicly known Windows exploits to advance your knowledge in Windows pentesting.
  • Precompiled Windows Tools
    • Popular Windows tools such as mimikatz, sharphound, winPEAS and more are compiled and accessible if you wish to use them.
    • Saves time downloading & compiling them yourself. Useful to drop and execute on targets.
  • Custom Cyber Weapons
    • Discover custom tools within Kinetic, developed by an in-range high-tech company Spire Corp 🏢.
    • Run these tools and collect juicy files to gain intel and exploit your way throughout the Kinetic networks.

    Request Access by following the guidance here:
    https://slayerlabs.com/request-access.html

    Kinetic

    • Total Boxes: 25 VM's - 100% Windows
    • Overall Difficulty: Intermediate
    • Released: March 2023
    • Description: Heavily focused on Windows-related exploits
    • Theme: Kinetic Operation PDF (redacted version)
    • Unique Features: Fully loaded Windows cyber range with multiple AD domains to pwn!
    • Mode: Free-range
    • Network: 5 Domains - 6 Subnets
    • Continuous Security Patching: False
    • Request Access: Send an email with your requested Range including a preferred Time-Block, and you'll be processed ASAP.