On the previous post (SCCM LAB part 0x2) we have done SCCM exploitation with a low privilege user. On this part we will exploit SCCM with an admin access on one vm. On part 0x1 we discovered the c...

On the previous post (SCCM LAB part 0x1) we started the recon and exploit the PXE feature. On this part we will start SCCM exploitation with low user credentials. Exploit with low user Takeover 1 ...

On the previous post (SCCM LAB part 0x0) we setup an environment to play with SCCM. If all is going well you should get something like that : Ok so let’s try this out :) Recon Recon without u...

Some time ago i discovered the work of some researchers about SCCM, i was very interested by their research and as i reading i thought that i really need a lab to test all these cool attacks ! T...

On the previous post (Goad pwning part12) we had fun with with the domains trusts. I know, i said the 12 part will be the last, but some of the technics presented here are quite fun i wanted to doc...

Now our lab is up and running, but we need to make an easy access on it. Like a lot of ctf with active directory we will create a VPN access to our lab. To do that we will create an openvpn acce...

If you followed the 3 previous part, you should have a running proxmox instance with the 5 windows vm in it. On part 4 we will setup all the GOAD configuration with ansible. An inventory file...

To providing the vm we will use terraform, the official documentation for proxmox and Qemu can be found here : https://registry.terraform.io/providers/Telmate/proxmox/latest/docs/resources/vm_qem...

If you follow the guide in part1, we now got a proxmox environment, some vlans, and a provisioning CT with the tools installed. On this chapter we will prepare the proxmox template for our f...

Introduction Some people asked me how to install GOAD on proxmox. I wanted to document this a long time ago but never found the time to do this. Now it will be done ;) For this blog post we will...