Build your network. Simulate real attack paths.
Watch adversaries move — then hunt them down.
Adversary Mode Hunter Mode 4-Phase Kill Chain Real TTPs Edge Cutting Noise Decoys
wgd.ai
! 0 pwned H 0 0
GHOSTPATH
Right-click canvas · Use tools on left · SIMULATE ATTACK
LEGEND
User / Attacker
Workstation
Domain Controller
Cloud VM
Service Account
Database
Web Server
Firewall
Compromised
HHunter agent
?Noise decoy
 Entry point
 Target / exit
Click a node
to inspect it
›_ Event Log 0 events
Run a simulation
to see events here
GHOSTPATH
ATTACK PATH VISUALIZER · wgd.ai
Ghostpath is a browser-based adversary simulation and attack path visualizer. Build a corporate network map, trace real kill-chain TTPs across four phases, and watch an attacker move from initial access all the way to data exfiltration — then switch to Hunter Mode to deploy detection agents and sever the path before the breach completes. No install, no build step, no backend. Runs entirely in your browser.
Two Modes
ATK
Adversary Mode
Think like an attacker. Build or load a corporate network, then run the 4-phase kill chain simulation. Watch each hop light up in real time with the specific TTP being used — credential spray, Kerberoasting, DCSync, cloud pivot, data exfiltration. Add noise decoys to simulate defender confusion.
DEF
Hunter Mode
Think like a defender. Deploy hunter agents (H) on nodes before the simulation starts — agents within detection range will automatically flag suspicious activity. During simulation, click any glowing active edge to cut the attack path in real time. Race the adversary before they reach the target.
4-Phase Kill Chain
Initial Access — Credential spray against the VPN gateway compromises a vendor account, establishing an initial foothold inside the network perimeter.
Lateral Movement — SMB pivot to a developer workstation, followed by Kerberoasting to extract a service account hash from Active Directory.
Privilege Escalation — DCSync attack via the compromised service account, dumping all domain hashes and achieving Domain Admin. The domain is fully owned.
Data Exfiltration — 2.3M customer records exfiltrated from the production database over an HTTPS tunnel. Objective complete.
TTPs Simulated
Credential Spray Pass-the-Hash Kerberoasting DCSync Token Impersonation SMB Lateral Movement RDP Pivot Cloud Pivot Living Off the Land Data Exfiltration (HTTPS)
Tools & Controls
V Select & drag nodes
H Pan the canvas
E Draw edges between nodes
A Add a new node
D Delete nodes or edges
Esc Cancel current action
H Deploy hunter agents on nodes (Hunter Mode)
Click glowing edges during simulation to cut paths
? Yellow nodes are noise decoys — false positives that fire randomly to distract defenders
Phase tabs are clickable — filter the graph to highlight one phase at a time
Right-click anywhere for context menu options
Node Types
● User / Attacker ▣ Workstation ◈ Domain Controller ◉ Cloud VM ◆ Service Account ▦ Database ◌ Web Server ◫ Firewall
About
Ghostpath is a wgd.ai tool. Open it in any modern browser.