On the previous post (Goad pwning part12) we had fun with with the domains trusts. I know, i said the 12 part will be the last, but some of the technics presented here are quite fun i wanted to doc...

Now our lab is up and running, but we need to make an easy access on it. Like a lot of ctf with active directory we will create a VPN access to our lab. To do that we will create an openvpn acce...

If you followed the 3 previous part, you should have a running proxmox instance with the 5 windows vm in it. On part 4 we will setup all the GOAD configuration with ansible. An inventory file...

To providing the vm we will use terraform, the official documentation for proxmox and Qemu can be found here : https://registry.terraform.io/providers/Telmate/proxmox/latest/docs/resources/vm_qem...

If you follow the guide in part1, we now got a proxmox environment, some vlans, and a provisioning CT with the tools installed. On this chapter we will prepare the proxmox template for our f...

Introduction Some people asked me how to install GOAD on proxmox. I wanted to document this a long time ago but never found the time to do this. Now it will be done ;) For this blog post we will...

On the previous post (Goad pwning part11) we tried some attacks path with ACL. This post will be on escalation with domain trust (from child to parent domain) and on Forest to Forest trust lateral ...

On the previous post (Goad pwning part10) we did some exploitation by abusing delegation. On this blog post, we will have fun with ACL in the lab. In active directory, objects right are called Acc...

On the previous post (Goad pwning part9) we done some lateral move on the domain. Now let’s try some delegation attacks. Here i will just demonstrate the exploitation, if you want to understand th...

The v2022_11 AD mindmap is now available : Full view is available on orange cyberdefense mindmap site : https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg Upgrad...