GOAD: Vulnerable Active Directory environment for practicing attack techniques

Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods.

GOAD-Light: 3 vms, 1 forest, 2 domains

“When the Zerologon vulnerability surfaced, it highlighted our urgent need for a test lab at work. Furthermore, a training lab became essential to adequately prepare our new pentesters for internal assessments. It’s clear: necessity was the birthplace of this idea,” Mayfly, pentester at Orange Cyberdefense and creator of GOAD, told Help Net Security.

“The community’s feedback has been overwhelmingly positive. I’ve heard of educators in Australia and Brazil repurposing the lab for their classes — an opportunity I wish I’d had during my studies. Many, including my colleagues, utilize it to practice both classic and emerging attack techniques and to prep for specialized certifications like OSCP, CRTE, and OSEP, ”

Requirements and download

The total space needed for the lab is ~115 GB (and more if you take snapshots). GOAD is available for free on GitHub.

Important to keep in mind: GOAD is highly vulnerable. Refrain from reusing recipes to construct your environment and never deploy this setting on the internet without ensuring it’s isolated.

Must read:

• 15 open-source cybersecurity tools you’ll wish you’d known earlier
• 20 essential open-source cybersecurity tools that save you time