About breakingbAD
breakingbAD is a platform for cybersecurity enthusiasts to conduct vulnerability research in an easy and fast way. The current laboratory is Active Directory oriented.
breakingbAD GitHub repository.
Motivation
As a pentester, a handy environment for testing purposes is key. I decided to dive into the creation of a laboratory in a similar way as GOAD (Game of Active Directory) was made. Since I wanted to customize as much as possible what I wanted to test, I decided to create breakingbAD for that matter.
Main credits
This project wouldn’t exist without GOAD (Game of Active Directory). My laboratory is inspired by it (credits to Mayfly) and I strongly recommend giving it a try.
How does it work?
Briefly, we use Vagrant to create raw Windows virtual machines without configurations [1].
We then use Ansible to inject minimal configurations, this is what I call a base build [2]. The main goal here is to configure them to have the necessary dependencies (ADDS, ADCS…) for the vulnerabilities to be added smoothly.
Once the base build is set up, machines are ready to receive more important configurations (with Ansible again) [3]. We could for example change the keyboard layout to French of a virtual machine. We could also add vulnerabilities based on their ID, either one by one or all at once.
This idea of having different steps was motivated by the need to have a platform that is ready without having to wait for long.
As for the vulnerabilities, for each of them, you’ll have at least 2 possibilities.
Enable: enable the vulnerability (installing or adding what it needs to work).
Disable: disable the vulnerability (uninstalling or removing what it needs to not work anymore).
Trigger: trigger a reaction for the vulnerability to manifest itself (for example a network request using a protocol like IPv6).
What are the tools used?
The laboratory make use of the following tools: