XM Goat is composed of XM Cyber terraform templates that help you learn about common Azure security issues.
Each template is a vulnerable environment, with some significant misconfigurations. Your job is to attack and compromise the environments.
Here’s what to do for each environment:
Run these commands:
$ az login
$ git clone https://github.com/XMCyber/XMGoat.git
$ cd XMGoat
$ cd scenarios
$ cd scenario_<\SCENARIO>
Where <\SCENARIO> is the scenario number you want to complete
$ terraform init
$ terraform plan -out <\FILENAME>
$ terraform apply <\FILENAME>
Where <\FILENAME> is the name of the output file
To get the initial user and service principal credentials, run the following query:
$ terraform output --json
For Service Principals, use application_id.value and application_secret.value.
For Users, use username.value and password.value.
After completing the scenario, run the following command in order to clean all the resources created in your tenant
$ az login
$ cd XMGoat
$ cd scenarios
$ cd scenario_<\SCENARIO>
Where <\SCENARIO> is the scenario number you want to complete
$ terraform destroy
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…
Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…