ZephrFish

MDE/MDI Defender setup for Ludus

100% credibility
Found Mar 07, 2026 at 44 stars
Language: PowerShell
AI Summary

A blueprint for creating a virtual Windows domain lab prepped for Microsoft Defender security testing, featuring detailed logging, vulnerable certificate services, and populated users for attack simulation.

How It Works

1. Discover the Security Practice Lab

You hear about a fun virtual playground to practice spotting cyber attacks on Windows computers.

2. Prepare Your Virtual Playground

You make sure your virtual machine setup is ready to build new practice environments.

3. Add Lab Building Tools

You add the special helpers that make setting up the lab super easy.

4. Launch Your Lab World

With one simple action, your domain controller and workstation come alive, full of logging and test setups.

5. Connect Security Watchers

You link up the smart defenders from Microsoft to watch for threats in real time.

6. Save a Quick Restart Point

You capture the perfect starting state so you can jump back anytime without rebuilding.

7. Test Attacks and See Alerts

Now you run pretend bad guy moves and watch the system catch them perfectly every time.

AI-Generated Review

What is ludus-defender-lab?

This PowerShell-driven Ludus setup deploys a two-VM Windows Defender lab: a domain controller with deliberately misconfigured ADCS (ESC1-ESC15 vulnerabilities) and a workstation, both prepped for MDE/MDI onboarding. It handles logging via Sysmon and WEF, ASR rules, honeypot shares, and AD population with roastable accounts, so you can test detections without manual tweaks. Run "ludus range config set" followed by "ludus range deploy", then onboard MDE/MDI from security.microsoft.com.

Why is it gaining traction?

It skips the pain of scripting Defender prereqs like audit policies, telemetry sizing, and LSA hardening, delivering a telemetry-rich lab ready for attack sims in minutes. The integrated ADCS flaws and planted creds make it perfect for chaining exploits to MDE alerts, unlike bare Ludus templates. Niche but sticky for Ludus users chasing quick MDE/MDI validation.

Who should use this?

Red teamers simulating Kerberoasting or ESC attacks against Defender sensors. Blue team analysts tuning detections in a domain-joined setup with WEF forwarding. Security trainers needing repeatable labs for MDE/MDI workshops without rebuilding VMs daily.

Verdict

Grab it for Ludus-based Defender labs: clear docs and deploy flow make the 44 stars punch above the 1.0% credibility score. Still early maturity, so snapshot post-onboarding and test configs yourself before team demos.
