Introduction
Offshore is a real-world enterprise environment that features a wide range of modern Active Directory flaws and miss configuration. Offshore Corp is mandated to have quarterly penetration tests per financial regulatory body compliance requirements, and are focused on patching. The company has completed several acquisitions, with the acquired entities being “plugged in” by means of domain trusts.
If you are able to breach the perimeter and gain a foothold, you are tasked to explore the corporate environment, pivot across trust boundaries, and ultimately attempt to compromise all Offshore Corp entities.
Offshore will test your understanding of Active Directory enumeration, exploitation, and post-exploitation as well as lateral movement, pivoting, and modern web application attacks. Some flags are required to advance through the lab, while others are side-quests that reinforce enumeration and post-exploitation skills. Players can submit flags to earn their place in the Offshore Hall of Fame, and collect badges along the way at certain checkpoints.