Skip to main content

GOAD (Game of Active Directory)

These writeups, in this category, concern GOAD, an attack environment made by Orange Cyberdefense

Here is the associated github: https://github.com/Orange-Cyberdefense/GOAD/

The goal? Having an AD environment with vulnerabilities to test and exploit them.

The writeups in this category will be organized in "paths". Each path exploiting a new different flaw, or another way to exploit it

Here is an inventory of articles for GOAD:

Index

ArticleDescriptionLink
Installation
  • Installation of GOAD
  • Installation
    • Enumeration
  • SMB enumeration
  • RPC enumeration
  • Nmap scans
  • Enumeration
    • P1 - 1st path
  • Initial access with password in description
  • Exploitation of "WriteDACL" on a GPO
  • Antivirus bypass
  • Use of a Havoc C2 server
  • Inter-domain privilege escalation with Golden Ticket
  • Part 1
  • Part 2 - Havoc
  • Final Part