Welcome to SudoForge

Matt Lai
May 25, 2025
4 min read
Photo by Joshua Sortino / Unsplash

A Pentester's Digital Makerspace

I have to admit something right off the bat: I'm not your typical cybersecurity blogger sitting here with a decade of red team expertise and a wall full of offensive security certifications. I'm a defensive security professional with a ton of IT/Tech experience who's finally admitting what we all know but rarely say out loud—you can't truly defend what you don't understand how to attack.

The Late Bloomer's Dilemma

I came into cybersecurity later than most. While many were pwning boxes in their teens, I was taking the scenic route through various tech roles, picking up what my friends and family generously called "hacking skills" (their definition being anyone who could fix their Wi-Fi or recover their Facebook password). But let's be honest — being the family tech support isn't quite the same as understanding how an adversary thinks.

green grass field during daytime
Photo by Oleg Hasanov / Unsplash

Now, firmly planted in what we'll diplomatically call my "post-twenties" years, I've realized I have a problem. The energy and free time I once had for marathon learning sessions? Gone. The ability to stay up until 3 AM reading exploit documentation? My back hurts just thinking about it. But here's what I do have: years of accumulated knowledge, a defensive mindset that needs offensive seasoning, and apparently an unhealthy obsession with building lab environments.

Why SudoForge Exists

Over the past two months, I've fallen down the rabbit hole of building an Active Directory penetration testing lab. What started as a simple "let me understand AD attacks better" turned into an epic quest involving Autounattended installation XML files, PowerShell automation scripts, and more Windows Server VMs and Docker containers than any reasonable person should run on a single machine.

The thing is, I kept running into the same problems over and over again. Documentation and solutions scattered across a dozen different blogs and GitHub repos. Tutorials that assumed either complete novice knowledge or expert-level understanding with nothing in between. Lab setup guides that worked... sometimes... if the planets aligned, and backpedaling through previous versions of scripts for the one that worked but got mangled or over-engineered by Ai hallucinations.

So here's my proposition: SudoForge is going to be both my accountability buddy and your shortcut.

you didnt come this far to only come this far lighted text
Photo by Drew Beamer / Unsplash

What You'll Find Here

This isn't just another cybersecurity blog with hot takes on the latest breach. SudoForge is designed as a digital makerspace where we build, document, and share the tools and environments that make offensive security learning actually accessible.

You'll find:

  • Detailed lab building guides with actual working XML configurations (not just "Figure it out yourself" instructions)
  • Automation scripts that handle the boring setup work so you can focus on the actual learning
  • Video walkthroughs of real attack scenarios in controlled environments  
  • GitHub repositories with all the code and configurations I'm using
  • Honest documentation of what works, what doesn't, and what made me want to throw my laptop out the window

The Learning Path Forward

I'm approaching this journey methodically (because that's what defensive security teaches you). Starting with Windows Server environments, moving through Active Directory attacks, and eventually expanding into web application testing, cloud security, and whatever else catches my interest.

Each post will document real progress, real problems, and real solutions. Think of it as public learning—if I'm going to invest the time anyway, why not help others avoid the same time sinks I've already navigated?

Join the Build

Whether you're a seasoned pentester looking for ready-made lab configurations, a defensive professional trying to understand the other side, or someone just starting their offensive security journey, there's something here for you.

people building structure during daytime
Photo by Randy Fath / Unsplash

The beauty of a makerspace is that it's collaborative. I'll be sharing everything I build, but I'm also hoping you'll contribute your own configurations, improvements, thoughts, and ideas. After all, the best way to learn is to teach, and the best way to build better is to have more hands (and minds) involved.

Coming Up Next

In the next post, I'll dive deep into building your first Windows Server vulnerable lab environment with a complete step-by-step guide, downloadable XML files, and a video walkthrough of the entire setup process. No assumptions, no skipped steps, just a working lab you can deploy and start attacking.

Because here's the thing about being a late bloomer in offensive security: I might not have the energy I had at 20, but I've got something better—the patience to document the process properly and the experience to know what actually matters.

Welcome to SudoForge.io . . . Let's Build. Break. Learn. and Repeat.

Ready to start building? Subscribe to get notified when new lab configurations and tutorials drop. And if you've got ideas for environments you'd like to see covered, hit me up—this makerspace is only as good as the community that uses it.

Tags: penetration testing, cybersecurity labs, Active Directory, red team, lab automation, vulnerability testing, Windows Server, pentesting environments

Subscribe to our Newsletter and stay up to date!

Subscribe to our newsletter for the latest news and work updates straight to your inbox.

Oops! There was an error sending the email, please try again.

Awesome! Now check your inbox and click the link to confirm your subscription.