Technical requirements
To follow along, at a minimum, you will need access to a Bash shell. To perform the demonstrated exercises, you will need to build the Game of Active Directory (GOAD) lab. You can find GOAD at https://github.com/Orange-Cyberdefense/GOAD.
GOAD is an Active Directory exploitation lab. If you’re not familiar with Active Directory, it’s a system for managing a large number of related Microsoft Windows systems. The default Windows and Active Directory configurations frequently have vulnerabilities that can be exploited. There are additional exploitable misconfigurations in the lab beyond default settings. The Active Directory vulnerabilities in the GOAD lab are frequently found on internal network pentests, making this one of the best labs for practice or for testing new pentest tools.
I use Ludus to deploy my GOAD lab. I run a Ludus server, and on the client side (my laptop), I use the Ludus client to automate building, starting, and stopping...
