GOAD
GOAD is a pentest active directory LAB project that provides pentesters with a vulnerable Active Directory environment to practice attack techniques. The lab includes different versions like GOAD (5 vms, 2 forests, 3 domains), GOAD-Light (3 vms, 1 forest, 2 domains), SCCM (4 vms, 1 forest, 1 domain with Microsoft Configuration Manager), and NHA (a challenge with 5 vms and 2 domains). The lab requires about 77GB of space for VMs and a total of ~115 GB for the entire lab.
FEATURES
SIMILAR TOOLS
A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.
A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.
Pupy is a cross-platform C2 and post-exploitation framework for remote access and control of compromised systems across various operating systems.
A collection of resources for practicing penetration testing
CredMaster enhances password spraying tactics with IP rotation to maintain anonymity and efficiency.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
A script to enumerate Google Storage buckets and determine access and privilege escalation
A collection of tests for Local File Inclusion (LFI) vulnerabilities using Burp Suite.
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.