feat: introduce live scoreboard feature and add new ansible roles #154
Merged
Real-time Rich TUI that tracks agent progress against a GOAD AD lab by polling report.jsonl via local file or AWS SSM transport.

- Flat module structure (no subpackages)
- Answer key generator from GOAD config.json
- Two-phase verifier: credentials → inferred hosts/domains/techniques
- SSM transport with actionable ConnectionError messages
- --restart flag to clear report file before launching
- Agent prompt template for JSONL reporting format

Co-Authored-By: Claude <noreply@anthropic.com>
Contributor
@mkultraWasHere If we are considering going the TUI route, we should do it in the go cli vs. having to maintain separate python code.
Contributor
Author
@l50 Yea still just playing around with it. Not at all in form.
**Changed:**
- Updated .gitignore to exclude scoreboard/answer_key.json, preventing accidental commits of generated answer keys

**Removed:**
- Deleted scoreboard/answer_key.json from version control to ensure sensitive or auto-generated answer data is not tracked
…fication

**Added:**
- Implement scoreboard CLI commands for generating answer keys, running live verification, and demo rendering (`cli/cmd/scoreboard.go`)
- Add scoreboard domain logic for answer key generation from GOAD config, including objective extraction for credentials, hosts, domains, and techniques (`cli/internal/scoreboard/generate.go`)
- Provide demo findings and report generation for sample status board rendering (`cli/internal/scoreboard/demo.go`)
- Implement local and SSM-based transport backends for fetching/deleting agent reports, including gzip+base64 handling to bypass SSM stdout limits (`cli/internal/scoreboard/transport.go`)
- Add Ares transport for remote ares operation integration via SSM, including Redis technique exploitation extraction (`cli/internal/scoreboard/transport_ares.go`)
- Implement Bubbletea-based TUI for live scoreboard rendering, including color-coded groupings and dynamic poll state (`cli/internal/scoreboard/tui.go`)
- Define types for objectives, findings, answer keys, and status verification reports (`cli/internal/scoreboard/types.go`)
- Add verification engine to match findings to answer key objectives, infer host/domain/technique completion, and parse agent reports (`cli/internal/scoreboard/verify.go`)
- Add unit tests for report parsing and end-to-end verification logic (`cli/internal/scoreboard/verify_test.go`)
- Add Bubbletea and Lipgloss dependencies, along with supporting indirect dependencies, to `go.mod` and `go.sum`

**Changed:**
- Update `go.mod` and `go.sum` to include new dependencies required for the scoreboard, TUI, and transport layers, such as Bubbletea, Lipgloss, and supporting Charmbracelet and terminal libraries
…rd TUI

**Changed:**
- Fixed key binding handling by replacing "ctrl-c" with "ctrl+c" in the key event switch to match the correct input string
- Updated the on-screen instructions from "q/ctrl-c quit · r poll now" to "q/ctrl-c quit · r reload" for clarity in the scoreboard TUI
…data

**Added:**
- keepass role for installing KeePass password manager on Windows hosts, including `README.md` and `meta/main.yml` with role variables, requirements, and platform support
- klink role for installing klink (PuTTY's command-line SSH client) on Windows hosts, including `README.md` and `meta/main.yml` with role variables, requirements, and platform support

**Changed:**
- updated `.gitignore` to clarify that the scoreboard answer key is generated by `dreadgoad scoreboard generate-key` instead of the old script
- improved `.hooks/docsible-hook.sh` to skip non-role directories by checking for the presence of `tasks/main.yml` or `tasks/main.yaml`

**Removed:**
- removed the entire `scoreboard` directory including all source code, documentation, requirements, and scripts for the DreadGOAD scoreboard functionality
…e, SID history

**Added:**
- Added detection and extraction of ADCS ESC1, ESC2, ESC3 (including ESC3-CRA), ESC4, and ESC9 techniques via new `vulns_adcs_templates` field and supporting mapping logic in scoreboard generator
- Added mapping and extraction for LAPS password read (both domain- and host-level), gMSA password read, GPO abuse, SID history abuse, RBCD, and shadow credentials techniques
- Added comprehensive test (`TestAnswerKeyGroundTruth`) asserting presence of all expected technique objectives and key host admin/credential properties in the generated answer key

**Changed:**
- Expanded and clarified documentation for GOAD vulnerabilities, especially around ADCS template attacks, MSSQL impersonation paths, AS-REP roasting, Kerberoasting, password policies, and cross-forest relationships
- Improved host admin extraction to fully resolve group memberships (including nested and cross-domain groups) for local Administrators and MSSQL sysadmins, ensuring only true user members are listed as admins
- Enhanced scoreboard technique extraction logic to account for indirect MSSQL EXECUTE AS LOGIN impersonation chains, accurately granting admin when a login can impersonate a sysadmin
- Updated context usage in scoreboard run command to use the cobra command's context
- Refined test coverage and updated user/technique expectations to match new extraction logic

**Removed:**
- Removed fallback to treating group placeholders (like DragonRider, greatmaster) as users in admin lists; now only actual user members are included
…board

**Added:**
- Added extraction of ADCS custom template techniques (ESC1, ESC2, ESC3, ESC3-CRA, ESC4, ESC9) from `vulns_adcs_templates` in host configs
- Implemented new helper functions to accurately resolve and expand host admin users, including nested and cross-domain group membership
- Added detection and extraction for new techniques: GPO abuse, SID history abuse, LAPS password read, gMSA password read, RBCD, and shadow credentials, based on host and domain attributes
- Added comprehensive scoreboard verification tests to assert all expected techniques and correct admin extraction

**Changed:**
- Refactored host admin extraction in scoreboard generation to use new logic that expands group memberships and MSSQL sysadmin chains
- Switched scoreboard transport and Ares transport to use `bytes.NewReader` instead of `strings.NewReader` for gunzipping base64-encoded reports
- Improved technique mapping in `aresExploitedToTechniqueIDs` to include new techniques and correct previous ESC mapping
- Enhanced domain technique extraction to handle ACL-based techniques and per-host LAPS detection
- Updated documentation to list all ADCS custom templates deployed on meereen

**Removed:**
- Inlined host admin and service extraction logic from `extractHosts` and replaced with modular helper functions for clarity and maintainability
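The host admin resolution described in the two commit messages above (nested and cross-domain groups expanded, only real user members kept, unresolved placeholders dropped), as an added Go example that is not the project's code. `ExpandUsers`, the map-based data model and the `DOMA`/`DOMB` sample names are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed sample data (not the project's schema): nested, cross-domain and
// cyclic groups, plus one member name that resolves to nothing.
var sampleGroups = map[string][]string{
	"Administrators": {`DOMA\ops`, `DOMB\helpdesk`, "UnresolvedPlaceholder"},
	`DOMA\ops`:       {`DOMA\alice`, `DOMB\helpdesk`},
	`DOMB\helpdesk`:  {`DOMB\bob`, `DOMA\ops`}, // cycle back to DOMA\ops
}
var sampleUsers = map[string]bool{`DOMA\alice`: true, `DOMB\bob`: true, `DOMA\carol`: true}

// ExpandUsers resolves members (users or groups, nested to any depth) to the
// sorted set of real users. A name that is neither a known user nor a known
// group is dropped rather than reported as an admin.
func ExpandUsers(members []string, groups map[string][]string, users map[string]bool) []string {
	visited := map[string]bool{} // groups already walked; stops membership cycles
	found := map[string]bool{}
	var walk func(name string)
	walk = func(name string) {
		if users[name] {
			found[name] = true
			return
		}
		if children, ok := groups[name]; ok && !visited[name] {
			visited[name] = true
			for _, c := range children {
				walk(c)
			}
		}
	}
	for _, m := range members {
		walk(m)
	}
	out := make([]string, 0, len(found))
	for u := range found {
		out = append(out, u)
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println(ExpandUsers([]string{"Administrators"}, sampleGroups, sampleUsers))
}
```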
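The gzip+base64 report transport and the `bytes.NewReader` gunzip path mentioned in the commit messages above, as an added Go example rather than the project's `transport.go`. `PackReport`, `UnpackReport`, the size limit and the sample JSONL line are assumptions; the cap on decompressed size goes beyond what the page states and protects the reader from oversized or corrupt reports.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/base64"
	"fmt"
	"io"
	"strings"
)

// PackReport produces what the remote side would print: gzip, then base64 text.
func PackReport(raw []byte) (string, error) {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(raw); err != nil {
		return "", err
	}
	if err := zw.Close(); err != nil { // Close flushes the gzip trailer
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf.Bytes()), nil
}

// UnpackReport base64-decodes stdout, gunzips via bytes.Reader, and caps the output size.
func UnpackReport(stdout string, limit int64) ([]byte, error) {
	compressed, err := base64.StdEncoding.DecodeString(strings.TrimSpace(stdout))
	if err != nil {
		return nil, fmt.Errorf("base64: %w", err)
	}
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, fmt.Errorf("gzip header: %w", err)
	}
	defer zr.Close()
	out, err := io.ReadAll(io.LimitReader(zr, limit+1)) // read one byte past the cap
	if err != nil {
		return nil, fmt.Errorf("gunzip: %w", err)
	}
	if int64(len(out)) > limit {
		return nil, fmt.Errorf("report larger than %d bytes", limit)
	}
	return out, nil
}

func main() {
	packed, _ := PackReport([]byte("{\"finding\":\"constructed\"}\n"))
	out, err := UnpackReport(packed, 1<<20)
	fmt.Printf("%q %v\n", out, err)
}
```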
Key Changes:
- `scoreboard` subsystem with TUI, answer key generation, and agent report verification

Added:
- `cli/cmd/scoreboard.go` and `cli/internal/scoreboard/`) with commands to generate answer keys, run a live TUI, and demo sample boards
- `ansible/roles/keepass/`): includes `README.md` and `meta/main.yml`
- `ansible/roles/klink/`): includes `README.md` and `meta/main.yml`
- `scoreboard/agent_prompt.md`) to guide users in recording findings for the scoreboard

Changed:
- `.gitignore` updated to exclude generated scoreboard answer keys
- `.hooks/docsible-hook.sh` improved to skip non-role directories for documentation checks
- `ad/GOAD/data/config.json` updated with new `vulns_adcs_templates` field for Meereen host to track deployed ADCS template vulnerabilities
- `cli/go.mod` and `cli/go.sum` (notably Bubbletea, Lipgloss, AWS, Azure, and supporting libraries)
- `docs/GOAD-vulnerabilities-comprehensive.md` and `docs/domains-and-users.md` for accuracy, reflecting new and existing ADCS templates and attack paths
- `template/provider/azure/main.tf` bumped azurerm provider version to 4.72.0

Removed: