EntraGoat - A Deliberately Vulnerable Entra ID Environment

EntraGoat is a deliberately vulnerable Microsoft Entra ID infrastructure for security professionals. Deploy real-world identity misconfigurations and privilege escalation paths in your own tenant, then practice exploiting them in a safe, black-box CTF format.

📖 Documentation | 📝 Blog Posts

Quick Start

Prerequisites

Microsoft Entra ID test/trial tenant with Global Administrator
Microsoft Graph PowerShell SDK

Option A: PowerShell GUI (recommended, no Node.js)

git clone https://github.com/Semperis/EntraGoat && cd EntraGoat
Install-Module Microsoft.Graph -Scope CurrentUser -Force
.\Start-EntraGoat.ps1

Requires Windows (WPF). Works on PowerShell 5.1+ and 7+.
Zoom: Ctrl+Plus / Ctrl+Minus / Ctrl+0

Option B: Web UI

git clone https://github.com/Semperis/EntraGoat && cd EntraGoat
Install-Module Microsoft.Graph -Scope CurrentUser -Force
cd frontend && npm install && npm start

Open http://localhost:3000

Option C: Manual scripts

cd scenarios
.\EntraGoat-Scenario1-Setup.ps1

See docs/getting-started.md for detailed setup instructions.

Challenges

#	Name	Difficulty
1	Misowned and Dangerous — Owner's Manual to Global Admin	Beginner
2	Graph Me the Crown (and Role)	Beginner
3	Group MemberShipwreck — Sailed into Admin Waters	Beginner
4	I (Eligibly) Own That	Intermediate
5	Department of Escalations - AU Ready for This?	Advanced
6	CBA (Certificate Bypass Authority) - Root Access Granted	Advanced

Each scenario includes a setup script, cleanup script, solution walkthrough, and a hidden flag.

Screenshots

PowerShell GUI (recommended)

Home

Challenge

Terminal Output

Setup	Cleanup

Web UI (alternative)

Dashboard	Challenge

Presented at

Black Hat USA 2025 — Arsenal
DEF CON 33 — Demo Labs
BSides Frankfurt 2025
SEC-T 0x11
Black Hat SecTor 2025 — Arsenal
Black Hat Europe 2025 — Arsenal
Black Hat Asia 2026 — Arsenal

Resources

⚠️ Disclaimer

For educational and authorized testing only. Use a dedicated test tenant. See LICENSE for full terms. The authors assume no liability for misuse.

Happy Hunting! — The EntraGoat Team

Name		Name	Last commit message	Last commit date
Latest commit History 55 Commits
EntraGoatGUI		EntraGoatGUI
assets		assets
attackpathimages		attackpathimages
cleanups		cleanups
docs		docs
frontend		frontend
icons		icons
scenarios		scenarios
screenshots		screenshots
solutions		solutions
.gitignore		.gitignore
CLAUDE.MD		CLAUDE.MD
LICENSE		LICENSE
README.md		README.md
Start-EntraGoat.ps1		Start-EntraGoat.ps1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

EntraGoat - A Deliberately Vulnerable Entra ID Environment

Quick Start

Prerequisites

Option A: PowerShell GUI (recommended, no Node.js)

Option B: Web UI

Option C: Manual scripts

Challenges

Screenshots

PowerShell GUI (recommended)

Terminal Output

Web UI (alternative)

Presented at

Resources

⚠️ Disclaimer

About

Uh oh!

Releases

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

EntraGoat - A Deliberately Vulnerable Entra ID Environment

Quick Start

Prerequisites

Option A: PowerShell GUI (recommended, no Node.js)

Option B: Web UI

Option C: Manual scripts

Challenges

Screenshots

PowerShell GUI (recommended)

Terminal Output

Web UI (alternative)

Presented at

Resources

⚠️ Disclaimer

About

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages