Search Results for "exercise"

BadBlood is a PowerShell toolkit that programmatically populates a Microsoft Active Directory domain with a realistic, large-scale structure of OUs, users, groups, computers, and permissions so defenders and testers can practice discovery, hardening, and incident response on a lifelike environment. It intentionally randomizes its output on every run so the created domain, objects, and ACL relationships are different each time, which helps teams exercise tooling and detection logic against varied scenarios. The project is driven by a single entry script (Invoke-BadBlood.ps1) and a collection of modular components that create OUs, seed users and groups, set ACLs, configure LAPS scenarios, and generate other attack/defense artifacts for lab use. Because it modifies a real AD forest, BadBlood requires high privileges (Domain Admin and Schema Admin) to run and the README warns strongly that it is not responsible for cleanup if used in production.

...It builds a domain controller (or augments an existing AD installation) with a variety of common misconfigurations and intentional weaknesses so practitioners can exercise attack techniques such as Kerberoast, AS-REP roast, DCSync, Pass-the-Hash, Silver/Golden Ticket attacks, and more. The project can create user objects with default or weak passwords, inject passwords into object descriptions, disable SMB signing, and manipulate ACLs to reproduce real-world privilege escalation and persistence scenarios. ...