auto/attack

Domain Admin.
All three domains.
Under a minute.

GOAD — Game of Active Directory — is the standard proving ground: two forests, three domains, five Windows hosts. The win condition is total compromise of every domain. We put AutoAttack on the same lab as the tools that claim this ground, and measured one thing — how fast each reaches it. A lab built to be broken, not a customer network.

Deploy
Hardened
| | NodeZero (automated pentest) | AutoAttack (autonomous adversary) |
|---|---|---|
| Time to 3/3 Domain Admin | 14m 00s | 0:51 |
| Domains reached | 3 of 3 | 3 of 3 |
| Independent runs | 1 published | 10 |

Same hardened GOAD spec NodeZero published — Windows Defender enabled, LLMNR disabled, Windows patched through March 2026. AutoAttack: median of 10 independent runs, fresh rollback each time, range 0:28 to 1:01. NodeZero published its 14:00 result in August 2025 — the same objective, reached about 16× faster on identical ground.

Black-box
| | Nessus Professional (exposure inventory) | AutoAttack (autonomous adversary) |
|---|---|---|
| Run time | 24m 04s | 2m 37s |
| First Domain Admin | not reached | 0:41 |
| Domains compromised | 0 of 3 | 3 of 3 |
| Credentials recovered | 0 | 124 |
| Confirmed compromise | none | 3 Domain Admin |

Black-box comparison: neither tool was given credentials. Same GOAD vanilla snapshot, same network position, 2026-06-24.

method
same start: Every tool began from the same network position with no credentials, against the same lab. Only the tool changed.
Set a goal