GOAD

GOAD is an Ansible-based automation tool and infrastructure orchestrator used to deploy pre-configured networks of vulnerable Windows virtual machines. It serves as a security training environment for practicing Active Directory penetration testing, privilege escalation, and lateral movement across various cloud platforms and local virtualization hypervisors.

The project distinguishes itself through a multi-provider infrastructure model and a system of infrastructure recipes that simulate intentional security misconfigurations. It supports the deployment of varied attack scenarios, including vulnerable Active Directory environments, Exchange servers, and SCCM setups, while allowing for custom lab extensions and tiered inventory overrides to adapt the environment to specific provider settings.

Broad capabilities include the provisioning of blue team monitoring stacks with EDR solutions and centralized logging for security event analysis. It also provides network access utilities such as SSH jumpboxes and SOCKS proxies to route attack traffic into isolated segments, and simulates specific security challenges like database impersonation and access control list manipulation.

Features

Vulnerable Lab Environments - Provisions a pre-configured network of Windows virtual machines with intentional Active Directory misconfigurations.

Simulation Recipes - Provides a collection of infrastructure recipes for simulating misconfigured Active Directory environments.

Red Team and Offensive Security - Creates intentional security misconfigurations and attack scenarios for training professionals in offensive security.

Security Labs and Practice - Provides automated deployment of complex virtual networks and target machines for hands-on security training.

Vulnerable Training Environments - Provisions targeted networks with intentional vulnerabilities to practice privilege escalation and lateral movement.

Virtual Machine Provisioning - Automates the creation and configuration of Windows virtual machines across various hypervisors and cloud platforms.

Ansible Modules - Uses Ansible modules and playbooks to orchestrate the deployment of vulnerable virtual machine networks.

Vulnerable Infrastructure - Sets up networks of virtual machines with known weaknesses for security research and penetration testing practice.

Automated Provisioning - Automates the deployment of pre-configured networks of Windows virtual machines using Ansible playbooks.

Active Directory Attacks - Provides vulnerable Windows environments specifically designed to practice Active Directory attack vectors.

Blue Team and Defensive Security - Deploys EDR and log aggregation stacks to simulate blue team detection and response operations.

Endpoint Security - Configures workstations with restrictions like blocked LSASS stealing to emulate a hardened endpoint environment.

Infrastructure Provisioning Recipes - Defines infrastructure requirements as modular recipes combining virtual machine specifications with sequential configuration tasks.

Provider Abstractions - Decouples infrastructure logic from specific hypervisors and cloud platforms using a common set of configuration templates.

Deployment Configuration - Allows tailoring the environment by configuring the virtualization provider, IP range, and deployment method.

Extensible Provider Frameworks - Allows integrating new virtualization or cloud platforms via provider classes and configuration templates.

Multi-Cloud Orchestrators - Orchestrates the deployment of security testing environments across various cloud platforms and local hypervisors.

Tiered Configuration Inventories - Organizes network and host variables in a hierarchy to allow provider-specific overrides of global settings.

Email Server Simulations - Allows adding resource-heavy Windows machines to simulate vulnerable Exchange email servers.

Lab Scaling Options - Provisions pre-configured networks of Windows virtual machines in varying sizes to simulate diverse AD environments.

Lab Topology Definitions - Enables specifying virtual machine groups and networking variables to build custom vulnerable network topologies.

Lightweight Lab Profiles - Provisions a minimal Active Directory environment with a reduced memory footprint.

SCCM Simulation Labs - Provisions a network including a domain controller and SQL server to practice attacks against SCCM.

Service Exploitation Labs - Provides virtual machines running MSSQL and IIS to practice impersonation and trusted link attacks.

Targeted Attack Scenarios - Sets up specialized environments, including configuration management systems, to practice specific exploitation techniques.

Functional Network Topologies - Builds complex network topologies by grouping virtual machines into functional roles like domain controllers and workstations.

Access Control Lists - Allows testing privilege escalation and permission abuse by modifying misconfigured user and group access rights.

EDR Deployments - Installs a security monitoring server and deploys agents to all domain computers to detect and respond to threats.

Simulated Vulnerabilities - Provisions users and groups with specific ACL vulnerabilities to practice privilege escalation.

Centralized Logging Systems - Provisions a centralized Kibana instance to collect and visualize security events occurring across the network.

Lab Environments - Provides optional installation playbooks to add specialized services and security tools to the lab environment.

Lab Instance Automation - Automates the creation of dedicated folders containing the recipes, configuration files, and keys needed to launch a network.

Security Event Monitoring - Integrates EDR and log aggregation tools to visualize security alerts and analyze system logs during attacks.

Security Lab Environments - Automated lab environment for testing Active Directory attacks.

Vulnerable Systems and Mobile - Vulnerable Active Directory lab for practicing attack techniques.

Vulnerability Labs - Active Directory lab environment for practicing attack techniques.

Orange-CyberdefenseGOAD

Features

Star history