dirsim — Active Directory you can break safely.
A high-fidelity behavioral simulator of AD environments. Model forests, OUs, GPOs, and Kerberos-like tickets through a REST API and a web console — without standing up real domain controllers.
What it is
dirsim is a behavioral simulator of the AD logical plane. It models the things a security practitioner usually needs to reason about — forests, domains, OUs, users, groups, computers, GPOs, trusts, and Kerberos-style tickets — and exposes them through a REST/WebSocket API and a Next.js admin console.
It is not a wire-protocol AD reimplementation. It does not speak LDAP or Kerberos on the wire. It implements the concepts and enforcement semantics so you can practice attack paths, train operators, and demo controls without standing up real domain controllers and exposing real ports.
It exists because every "AD lab" tutorial assumes you'll spin up two Windows VMs, join them to a domain, and pretend that's a low-friction starting point. It isn't. dirsim is the lab you can spin up in 30 seconds, reset on a cron, and demo to a class of twenty without anyone needing a Microsoft license.
Architecture
In the console
Launch dirsim
Three ways to run it. The hosted demo will go live once secnull's deploy target stands up an instance; it is not available yet.