GOAD
the_cyber_plumbers_handbook
GOAD | the_cyber_plumbers_handbook | |
---|---|---|
20 | 26 | |
4,343 | 2,503 | |
5.8% | - | |
9.1 | 1.8 | |
7 days ago | over 2 years ago | |
PowerShell | ||
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GOAD
- Failed the OSCP 😞
-
Ethical Hacking / Pentest Lab
Here is one project that is built out to build a domain environment: https://github.com/Orange-Cyberdefense/GOAD
-
Interview preparation guide for AD pentesting?
Have a look at https://github.com/Orange-Cyberdefense/GOAD. You can learn a lot of AD pentesting techniques there. Should be enough for entering any AD related role.
- Can anyone describe their red team infrastructure?
-
OSCP AD labs
OSCP AD environment is not a hard one but just to make yourself comfortable, I would recommend you to try this awesome lab with almost every scenario and tool: Game of Active Directory: https://github.com/Orange-Cyberdefense/GOAD
-
Help setting up an AD test lab in proxmox for thesis
I have already considered using an automated script like https://github.com/Orange-Cyberdefense/GOAD but I do not see support for Proxmox.
- Uvod v enumeracijo AD okolja
- Git for TF scripts to build lab env?
-
AD test environment
https://github.com/Orange-Cyberdefense/GOAD is a great for learning AD
-
Active Directory Security Tools
GameOfAD - vulnerable AD environment - https://github.com/Orange-Cyberdefense/GOAD
the_cyber_plumbers_handbook
-
Pre-OSCP Knowledge
Tunnelling, port forward, proxying, and pivoting
-
[q]uestion? What is the most secure way to remote access to home lab?
If you really want to get deep into what SSH can do, I heartily recommend The Cyber Plumber's Handbook. It's an excellent resource!
-
That's nice. I don't care
And: https://github.com/opsdisk/the_cyber_plumbers_handbook
- Confused on Port forward/pivot knowledge needed for exam
- GitHub - opsdisk/the_cyber_plumbers_handbook: Free copy of The Cyber Plumber's Handbook
- Free copy of The ssh Plumber's Handbook
- Free book: The Cyber Plumber's Handbook
-
Free book to master SSH tunneling concepts
From the very first paragraph of the README:
> This repo contains the PDF book The Cyber Plumber's Handbook - The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss. The book was first published in October 2018 for purchase, but now I'm providing it for FREE to anyone interested in learning more about the magic of SSH tunnels and port redirection.
The license is a CC license. https://github.com/opsdisk/the_cyber_plumbers_handbook/blob/...
-
Hacker News top posts: Jan 15, 2022
Free book to master SSH tunneling concepts\ (0 comments)
What are some alternatives?
vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
tailscale - The easiest, most secure way to use WireGuard and 2FA.
BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
MicrosoftWontFixList - A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
Splunk-In-The-Cloud-Setup - How-to on setting up splunk in Azure
awesome-oscp - A curated list of awesome OSCP resources
red_team_attack_lab - Red Team Attack Lab for TTP testing & research
tmate - Instant Terminal Sharing
Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
pr0cks - python script setting up a transparent proxy to forward all TCP and DNS traffic through a SOCKS / SOCKS5 or HTTP(CONNECT) proxy using iptables -j REDIRECT target