In the previous post (Goad pwning part6) we tried some attacks with ADCS activated on the domain. Now let’s take a step back, and go back on the castelblack.north.sevenkingdoms.local to take a look...

In the previous post (Goad pwning part5) we tried some attacks with a user account on the domain. On this part we will try attacks when an ADCS is setup in the domain. First we will use petitpotam ...

In the previous post (Goad pwning part4) we played with relay ntlm. During this article we will continue to discover what can be done using a valid domain account Here we will only try samAccoun...

In the previous post (Goad pwning part3) we start to dig on what to do when you got a user account. Before start exploiting the VMs with a user account, we will just step back to the state (without...

We found some users on Goad pwning part2, now let see what we can do with those creds. User listing When you get an account on an active directory, the first thing to do is always getting th...

We have done some basic reconnaissance on Goad pwning part1, now we will try to enumerate users and start to hunt credentials. Enumerate DC’s anonymously With CME cme smb 192.168.56.11 --users...

The lab is now up and running Goad introduction, let’s do some recon on it. Enumerate Network We will starting the reconnaissance of the Game Of Active Directory environment by searching all the ...

The second version of Game Of Active directory is out! https://github.com/Orange-Cyberdefense/GOAD I spent months to setup this new lab, with a bunch of new features and the result is finally ava...

Light version Full View Dark version Full View Upgrade ADCS details (thx to @Sant0rryu for his help) and ly4k for the awsome https://github.com/ly4k/Certipy tool ! Modifications on dele...

Description Durant ma préparation pour l’exam de l’OSWE je cherchais un moyen de m’entrainer dans la recherche de vulnérabilités en whitebox. Du coup j’ai pris un produit open source sur étagère e...