Fluffy is an easy Windows machine where initial credentials and CVE-2025-24071 lead to further user access, Active Directory enumeration, and ultimately Administrator compromise.
Cicada is an excellent beginner-friendly Windows box designed for those new to Windows pentesting, without requiring any knowledge of Active Directory or its attack vectors and strategies. It focuses on the early stages of enumeration, which are essential for tackling more advanced machines, as well as some basic manual checks you can perform once you obtain a user shell.
