Mail Service Lab: Extreme Red Team LAB Reviewรีวิว Mailservice Lab ของ Extreme Red Team Laboratories
Do You Have What It Takes to Be an Extreme Red Teamer?
Hello everyone,
Today I’ll be reviewing the Mailservice Lab from Extreme Red Team Laboratories (ERTL) a lab that truly challenges your mindset as an internal Red Teamer.
“Do you have what it takes to be an Extreme Red Teamer?” — Extreme Red Team Laboratories
What is Extreme Red Team Laboratories (ERTL)?
Before diving into the lab, let’s talk about ERTL.
Extreme Red Team Laboratories (ERTL) is a specialized training provider focused on advanced Offensive Security labs. Their mission is to deliver highly realistic environments that help cybersecurity professionals sharpen their skills and prepare for real-world threats.
Inside the Active Directory Chains category, there are multiple labs available, each with its own description.
One of them is Mailservice, and its description feels almost like a cyberpunk story.
It talks about a distorted digital world where:
Email headers lie
Messages manipulate the truth
Inboxes become traps
And behind the scenes, there is a hidden service capable of manipulating identities — allowing someone to change their name, appearance, and digital identity to move through systems unnoticed.
At the time, Jockky was already cooking hard in this lab, so I decided to jump in and join him.
How to Access the Lab
The onboarding process is straightforward:
Go to the Lab Access page.
Choose your desired lab.
Join the official Discord server (link at the bottom of the website).
Navigate to the specific lab channel (e.g., mailservice-lab-instructions).
Follow the connection instructions.
Request VPN access via the ask-vpn-for-labs channel using the command:
!getvpn
You will receive an .ovpn file (OpenVPN configuration).
Connect and begin.
Important rule stated clearly:
NO BRUTEFORCE IN LAB PLEASE — IT’S A RED TEAM LAB NOT LAMER LAB
That line alone tells you what kind of mindset this lab demands.
Scope & Starting Point
After connecting via VPN, you receive a jump machine and target information.
In my case, the primary target domain was:
10.0.5.5
Attack Overview
Since the lab owners do not allow public write-ups, I will only describe the high-level overview.
The environment includes both Linux and Windows systems.
The provided Jump Machine is a Linux host, which plays a critical role in the attack process. It is mainly used for:
Uploading or transferring files into the environment
Staging tools inside the internal network
Pivoting to other machines within the network
The attack chain usually begins from an external perspective, then gradually expands through lateral movement across multiple machines.
Normally, in an Active Directory attack scenario, the primary objective is to compromise the Domain Controller, since it represents the central authority of the domain.
However, this lab takes a slightly different approach.
Although the domain environment is still important, the real objective is not simply gaining domain dominance.
You don’t necessarily need to become the “king of the domain.”
Instead, the real goal is to extract sensitive information from the environment (the flag).
This design makes the lab feel closer to real-world red team operations, where the mission is not always to own the entire domain, but to achieve the mission objective.
And that mission is simple:
Exfiltrate critical data from the target network.
Knowledge Required
CVE Exploitation
You should be able to identify vulnerable versions of services and search for available exploits using sources such as:
Exploit-DB GitHub and Metasploit modules
Linux Knowledge
Basic to intermediate Linux knowledge is required.
You should be comfortable using commands and navigating the system.
For example:
rm -rf *
(You can try practicing that command… it’s a very “powerful” one 😄)
Active Directory Knowledge
You should understand tools such as BloodHound, which helps reveal hidden and often unintended relationships within Active Directory.
It helps identify possible attack paths and determine where to move next.
Pivoting
Since the lab involves multiple network segments, pivoting is required.
เห็นแล้วไม่ต้องบอกกว่ารู้ว่านี่เลือกหมวดไหน Active Directory สิครับ รออะไร
โดยของ Active Directory Chains ก็จะแบ่งออกไปอีกว่า Labs อันไหน แต่ละแลปก็จะมี Description ของแต่ละอัน
Mailservice
Step into a world like no other a distorted digital landscape where the usual rules of cyberspace no longer apply. Here, email services are a chaotic mess: headers lie, messages twist the truth, and inboxes become traps. Clarity is an illusion, and every clue you find leads deeper into deception. But something darker stirs behind the scenes. Beneath the surface runs a hellish service hidden, twisted, powerful. If you can uncover it, understand it, control it… it will grant you the ability to change your face, your name, your digital wardrobe. You’ll become whoever you need to be — slipping through systems unnoticed, bypassing barriers, vanishing into the data fog. Can you unravel the chaos, penetrate the corrupted core of the network, and reach your goal? Or will you lose yourself in the maze of mirrors another faceless shadow in a game of masks? This isn’t just a lab. It’s a test of wit, deception, and digital survival
Calipendula
In this lab, you won’t just face vulnerabilities — you’ll walk a hidden path, where someone is pulling strings behind the scenes. Their actions are subtle, but their presence is undeniable. Something — or someone — is at work. To move forward, you’ll have to pass through the clouds: ambiguity, noise, and deliberate misdirection. Nothing will be clear. Every step will demand sharp instincts, patience, and a willingness to get lost before you find your way. But beyond the fog lies their partner — elusive, essential, and waiting. If you can find them, earn their trust — or take control — you’ll gain the strength to turn the tide. Together, you may just overpower the enemy who watches, anticipates, and thrives in the uncertainty. Will you uncover the hidden alliance? Or will you vanish into the mist, just another ghost in the system?
Ifixcentcen
As you step into this lab, you’ll find yourself caught in a strange echo — a revival of characters from distant times: mischievous actresses from the ’80s, and extraterrestrials who once toyed with them in neon-lit dreams. But nostalgia quickly curdles into nightmare. Lurking within this bizarre forest of memories and illusions is a multi-headed hound — a monstrous entity born of code, chaos, and forgotten signals. It’s waiting for you. Not just to find it… but to survive it. Once it sinks its teeth into your mind, it doesn’t let go. And yet, the only way out… is through. Will you find the strength — and the madness — to tame the beast, mount it, and ride it through the tangled forest of the Dark Triangle? Or will you become just another echo, swallowed by its growl?
แนวคิดนี้ทำให้ Lab นี้ให้ความรู้สึกใกล้เคียงกับ Real Red Team Operation มากขึ้น เพราะในสถานการณ์จริง เป้าหมายของการโจมตีไม่ได้อยู่ที่การครอบครอง Domain เสมอไป