Closed architect00 closed 4 years ago
Sounds like you would be looking for an automated Active Directory training class. It's a very nice end goal to have for any tool. I'd love to be able to provide AD training as a SaaS.
That is exactly what this feature is about.
In order to start out I would use this list https://www.cert.ssi.gouv.fr/uploads/guide-ad.html and generate a domain, which meets the requirements of the assessment checks. Afterwards BadBlood Core manipulates the objects. This procedure (secure->insecure) is often used in creating CTF challenges to ensure that a vulnerability can only be exploited in a predefined way.
Manipulating Kerberos DES_KEY options
USE_DES_KEY_ONLY is unset in AccountControl
USE_DES_KEY_ONLY is set in AccountControl
Find users with USE_DES_KEY_ONLY set and remove it.
With that being said, I would love to support/help and see this being made.
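The USE_DES_KEY_ONLY check from the comment above, as an added PowerShell example; it is not part of the thread or of BadBlood. The function names are hypothetical, and it assumes the ActiveDirectory RSAT module and that "AccountControl" refers to the userAccountControl attribute, where USE_DES_KEY_ONLY is bit 0x200000.

```powershell
# Added example (hypothetical helpers, not BadBlood code).
# Assumes the ActiveDirectory RSAT module and rights to modify user objects.
Import-Module ActiveDirectory

# USE_DES_KEY_ONLY is bit 0x200000 (2097152) of userAccountControl.
$UseDesKeyOnly = 0x200000

function Get-DesOnlyUser {
    # LDAP bitwise-AND matching rule: returns only users with the flag bit set.
    $filter = "(userAccountControl:1.2.840.113556.1.4.803:=$UseDesKeyOnly)"
    Get-ADUser -LDAPFilter $filter -Properties userAccountControl |
        Select-Object SamAccountName, DistinguishedName, Enabled, userAccountControl
}

function Repair-DesOnlyUser {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    foreach ($u in Get-DesOnlyUser) {
        # ShouldProcess makes -WhatIf / -Confirm work for every account touched.
        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, 'Clear USE_DES_KEY_ONLY')) {
            Set-ADAccountControl -Identity $u.DistinguishedName -UseDESKeyOnly $false
        }
    }

    # Known-good state for this check: no user has the flag left.
    $left = @(Get-DesOnlyUser)
    [pscustomobject]@{
        Check     = 'USE_DES_KEY_ONLY'
        Remaining = $left.Count
        Passed    = ($left.Count -eq 0)
    }
}

Get-DesOnlyUser | Format-Table -AutoSize   # accounts the manipulation step changed
Repair-DesOnlyUser -WhatIf                 # preview only; drop -WhatIf to apply
```

The object returned by `Repair-DesOnlyUser` is the comparison against the known-good state for this one check: a trainee has closed the gap when `Passed` is true.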
Hi David,
I stumbled upon your tool while searching for training resources for blue teamers. I love the idea of creating a deliberately vulnerable Active Directory environment. I would like to discuss a feature suggestion:
It would be interesting to work towards a known-good state of the domain: a predefined state of what the domain should look like in the end. This way trainees can reflect on gaps between their applied changes and the predefined result of the known-good state.
Usage of BadBlood in training sessions would look like this:
I guess the problem with implementing a known-good state is that the domain objects are not set up with any special permissions at the beginning. According to the current code in InvokeBadBlood.ps1 the permissions are set in the last step (https://github.com/davidprowe/BadBlood/blob/1693bee1089f5d24ded8ee50ac01e43bc9455589/Invoke-BadBlood.ps1#L97). This means the freshly generated AD objects before this line have no special permission setup and the setup does not represent any real-world experience. What do you think about this feature?