vulnerable-AD
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab (by safebuffer)
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time. (by davidprowe)
| vulnerable-AD | BadBlood | |
|---|---|---|
| 14 | 10 | |
| 1,870 | 1,906 | |
| - | - | |
| 0.0 | 0.0 | |
| 20 days ago | 11 months ago | |
| PowerShell | PowerShell | |
| MIT License | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vulnerable-AD
Posts with mentions or reviews of vulnerable-AD.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-12-09.
-
Student 1 Year out from Grad overwhelmed
At one he also mentions Vulnerable-AD, which might be helpful when learning how to identify and respond to AD attacks. This might give you an idea of what other areas/components to focus on with your projects. Good luck!
-
Active Directory Security Tools
VulnerableAD - perfect for creating a vulnerable AD environment - https://github.com/WazeHell/vulnerable-AD
- Failed with 60 points (with Lab report) in first attempt
- Virtual AD environmnet to play with Bloodhound
-
Vulnerable Machines
This is a pretty cool project: https://github.com/WazeHell/vulnerable-AD
-
Test in one month, kinda gave up but also don't want to skip the test nor do I want to completely bomb. I want to at least try, what are some good resources that are either cheaper/free to prepare?
https://github.com/WazeHell/vulnerable-AD for active directory 4 days.
- Can you recommend good active directory labs?
- Need resources for BO and AD study
-
Vulnerable Active Directory Domain Controller for you to attack! Easy, with tools loaded
I created a vulnerable domain controller. I used wazehell's powershell script, so you can do all kinds of attacks.
-
[HELP] :: AD LAB SETUP
I setup automated Chris Longs Detection Lab, to quickly spin up AD environment, AND i took WazeHell's Vulnerable-ad scripts to make the lab vulnerable to all kinds of attacks. Easy and effective lab with a domain controller, 2 servers and a windows 10 client.
BadBlood
Posts with mentions or reviews of BadBlood.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-27.
-
Powershell error message help from using Powerview.ps1
If you want to try more of this kind of stuff or explore what you can find with PowerSploit I can recommend running BadBlood on your DC (after taking a snapshot) https://github.com/davidprowe/BadBlood It creates a bunch of randomized users, groups, OUs, SPNs and stuff.
- Need to setup AD lab for praticing..
- Failed with 60 points (with Lab report) in first attempt
- Virtual AD environmnet to play with Bloodhound
- Active directory scripts for setting a lab?
-
Complex AD Lab
you may want to check out something like this. https://github.com/davidprowe/BadBlood
- BadBlood fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools...
- There was a resource I found a while ago, a GitHub repo with scripts for setting up vulnerable AD configurations for a home lab. Does anyone know the one?
- Active directory pen testing lab
-
Cybersecurity physical labs
take a look at https://github.com/microsoft/MSLab, you can install Hyper-V 2019 server and use the scenarios to create a lab to your liking. I'm using this approach to establish a stable/consistent starting point for an AD environment with OUs, computers, groups, and users generated randomly by https://github.com/davidprowe/BadBlood to gauge the differences in logging and detection fidelity between different EDR solutions.
What are some alternatives?
When comparing vulnerable-AD and BadBlood you can also consider the following projects:
GOAD - game of active directory
AutomatedLab - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
DVWA - Damn Vulnerable Web Application (DVWA)
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
WSLab - Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts
Testimo - Testimo is a PowerShell module for running health checks for Active Directory against a bunch of different tests
ADLab - Custom PowerShell module to setup an Active Directory lab environment to practice penetration testing.
Minimalistic-offensive-security-tools - A repository of tools for pentesting of restricted and isolated environments.
red_team_attack_lab - Red Team Attack Lab for TTP testing & research
vulnerable-AD vs GOAD
BadBlood vs AutomatedLab
vulnerable-AD vs DVWA
BadBlood vs GOAD
vulnerable-AD vs DetectionLab
BadBlood vs DetectionLab
vulnerable-AD vs AutomatedLab
BadBlood vs WSLab
vulnerable-AD vs Testimo
BadBlood vs ADLab
vulnerable-AD vs Minimalistic-offensive-security-tools
BadBlood vs red_team_attack_lab