
Caldera: Red Team Emulation (Part 1)

This article demonstrates an open-source adversary emulation framework through which red team activity can be conducted with little effort. It is built around MITRE ATT&CK and ships with many other functions that can be used during an engagement.

MITRE ATT&CK

Caldera

Campaigns

Conclusion

The MITRE ATT&CK framework is a knowledge base of adversary Tactics, Techniques and Procedures (TTPs) and their sub-techniques, built from real-world observations and arranged in a well-structured matrix. Red teams use it to choose the behaviours they emulate and to map their activity back to known adversary techniques.

CALDERA is an adversary emulation platform designed to easily automate adversary emulation, assist manual red teams and automate incident response. It is built on top of MITRE ATT&CK.

The framework consists of two components:

The core system: the framework code in the main caldera repository. It includes an asynchronous command-and-control (C2) server with a REST API and a web interface.

Plugins: These repositories expand the core framework capabilities and provide additional functionality. Examples include agents, reporting, collections of TTPs and more.

Prerequisites and dependencies

These requirements apply to the machine running the core framework:

Installation

Follow these steps to set up Caldera:

Interface

Caldera provides a web interface that is simple to navigate and use. It is served on port 8888 by default and requires a login; the accounts and API keys shipped in conf/default.yml (admin/admin, red/admin, blue/admin and the API key ADMIN123) are public knowledge and have to be changed before the server is reachable from anything other than an isolated lab network.

Plugins

The Plugins category lists all installed plugins and gives quick access to their functionality.

To know more about a particular plugin, follow the link.

The Campaigns category groups agents, adversaries and operations, which are the three things you set up for a red team operation or an adversary emulation.

Step 1: Deploy an Agent

For initial access, an agent has to be planted on the target system.

To set up an agent (the Caldera server itself acts as the listener):

In the Campaigns tab, click on Agents

Choose an agent (three agent types are currently available)

Choose the platform (Windows, Linux or Darwin [macOS])

Once the platform is selected, set the IP and port of the Caldera server the agent will call back to, and the name of the implant

The interface then generates the command that has to be executed on the target

On Linux/macOS, paste the command into a terminal on the target and run it

On Windows, paste it into PowerShell on the target (bypass the execution policy first, for example by launching PowerShell with -ExecutionPolicy Bypass); nothing else is needed, the one-liner downloads the agent and starts it

The agent then checks in and appears on the Caldera Agents page, which confirms that the command executed on the victim side succeeded. Keep in mind what this one-liner does on a monitored host: it fetches an unsigned binary from the Caldera server over the (by default unencrypted) HTTP channel, writes it to disk and starts it, so it is also the first thing a blue team will see.

Step 2: Abilities

An ability is a specific ATT&CK tactic/technique implementation that can be executed on running agents. An ability includes the command(s) to run, the platforms/executors the commands can run on (for example Windows / PowerShell), payloads to include, and a reference to a module that parses the output on the CALDERA server.

As the screenshot above shows, abilities can be filtered by platform and by the related TTP. Let us take discovery as the tactic and Linux as the platform (the same tactic is demonstrated on Windows in this article).
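To make the ability model concrete, here is an added Python example (it is not code from the article or from Caldera itself) that mirrors what the server does with an ability once an agent has checked in: pick the executor the agent actually has for its platform, check which facts the command template references, and fill them in. The ability, its id, the agent records and the fact values are all constructed for the example; the field names (paw, platform, executors, #{trait} references) follow Caldera's conventions.

```python
import json
import re

# Constructed ability record, shaped like a Caldera ability YAML entry
# (id, name, tactic, technique, platforms -> executor -> command).
# The id is made up for this example; it is not a stock Caldera ability.
ABILITY = {
    "id": "11111111-2222-4333-8444-555555555555",
    "name": "List a user's home directory",
    "tactic": "discovery",
    "technique": {"attack_id": "T1083", "name": "File and Directory Discovery"},
    "platforms": {
        "linux": {"sh": {"command": "ls -la /home/#{host.user.name}"}},
        "darwin": {"sh": {"command": "ls -la /Users/#{host.user.name}"}},
        "windows": {"psh": {"command": "Get-ChildItem C:\\Users\\#{host.user.name} -Force"}},
    },
}

# Caldera writes fact references into commands as #{trait}, e.g. #{host.user.name}.
FACT_REF = re.compile(r"#\{([A-Za-z0-9_.]+)\}")


def pick_executor(ability, agent):
    """Return (executor, command template) for the first executor the agent
    advertises that the ability implements on the agent's platform, else None."""
    per_platform = ability["platforms"].get(agent["platform"], {})
    for executor in agent["executors"]:
        if executor in per_platform:
            return executor, per_platform[executor]["command"]
    return None


def required_facts(command):
    """Traits the command needs before it can run."""
    return sorted(set(FACT_REF.findall(command)))


def render_command(command, facts):
    """Fill every #{trait}; a command with an unknown fact is not runnable yet,
    which is why Caldera holds such links back until the fact has been collected."""
    missing = [t for t in required_facts(command) if t not in facts]
    if missing:
        raise KeyError(f"unfilled facts: {missing}")
    return FACT_REF.sub(lambda m: facts[m.group(1)], command)


def plan_link(ability, agent, facts):
    """Build one link (an ability instance queued for one agent), or None if
    the agent has no suitable executor for its platform."""
    picked = pick_executor(ability, agent)
    if picked is None:
        return None
    executor, template = picked
    return {
        "paw": agent["paw"],
        "ability_id": ability["id"],
        "executor": executor,
        "command": render_command(template, facts),
    }


if __name__ == "__main__":
    # Constructed agent records (paw, platform and executors are the fields a
    # Sandcat agent reports on check-in).
    agents = [
        {"paw": "abcdef", "platform": "linux", "executors": ["sh"]},
        {"paw": "123456", "platform": "windows", "executors": ["psh", "cmd"]},
        {"paw": "ffffff", "platform": "windows", "executors": ["cmd"]},
    ]
    facts = {"host.user.name": "raj"}
    for agent in agents:
        print(json.dumps(plan_link(ABILITY, agent, facts)))
```

The third agent gets no link because it only offers cmd and the ability has no cmd executor; that is the same reason an ability silently does nothing in an operation when the platform/executor pair does not match the agent.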

Step 3: Setting up Operations

With the agent in place, it is time to run the abilities, i.e. the set of instructions shown above. For this we need to set up an operation.

To do this:

Choose the adversary (adversary profiles are collections of ATT&CK TTPs designed to create specific effects on a host or network; profiles can be used for offensive or defensive use cases)

Fill in the details and specifications of the operation you want to run

Click Start; after a short while the operation begins running and populates the results on the screen

As the results show, every command sent to the agent is obfuscated, here with the base64 no-padding obfuscator (base64noPadding) chosen for the operation; the other obfuscators can be selected when the operation is created. For each step we can view the command, its output and the status of the task. Keep in mind that obfuscation only changes what crosses the wire and what appears in the agent's own command line: the agent decodes and runs the plaintext on the host, so child processes, PowerShell script block logging and similar telemetry still record the decoded command.
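The following Python example is added here and is not from the article or from Caldera: it reproduces the base64 no-padding encoding on the red side and shows how a blue team recovers the plaintext from process-creation logs, including the UTF-16LE variant that PowerShell's -EncodedCommand expects. The log lines are constructed, and the shell wrappers in them are approximations of the real command lines, not Caldera's exact templates.

```python
import base64
import re


def obfuscate_no_padding(command: str, encoding: str = "utf-8") -> str:
    """Base64-encode a command and strip the '=' padding, as the base64noPadding
    obfuscator does before the command is sent to an agent. PowerShell's
    -EncodedCommand expects UTF-16LE, hence the encoding switch."""
    return base64.b64encode(command.encode(encoding)).decode("ascii").rstrip("=")


def deobfuscate_no_padding(blob: str, encoding: str = "utf-8") -> str:
    """Restore the padding (encoded length must be a multiple of 4) and decode."""
    pad = -len(blob) % 4
    if pad == 3:
        raise ValueError("not a valid base64 length")
    raw = base64.b64decode(blob + "=" * pad, validate=True)
    return raw.decode(encoding)


# Runs of base64 alphabet long enough to be a command rather than a word.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def _is_text(s: str) -> bool:
    return bool(s) and all(ch.isprintable() or ch in "\r\n\t" for ch in s)


def recover_commands(log_lines):
    """Scan process-creation log lines for base64-looking arguments and return
    (line_no, decoded command) for each one that decodes to readable text.
    Lines invoking PowerShell with -Enc/-EncodedCommand are tried as UTF-16LE
    first, everything else as UTF-8; hashes and other alphabet look-alikes are
    dropped because they do not decode to text."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        encodings = ("utf-16-le", "utf-8") if "-enc" in line.lower() else ("utf-8",)
        for tok in B64_TOKEN.findall(line):
            for enc in encodings:
                try:
                    text = deobfuscate_no_padding(tok.rstrip("="), enc)
                except (ValueError, UnicodeDecodeError):
                    continue
                if _is_text(text):
                    hits.append((n, text))
                    break
    return hits


# Constructed process-creation lines (not real telemetry). The wrappers are
# approximations of what a shell or PowerShell command line looks like when an
# operation runs with base64noPadding; line 3 is a hash that merely looks like base64.
SAMPLE_LOG = [
    'host1 sh -c eval "$(echo %s | base64 -d)"' % obfuscate_no_padding("cat /etc/passwd | cut -d: -f1"),
    "host2 powershell.exe -Enc %s" % obfuscate_no_padding("Get-LocalUser | Select-Object Name", "utf-16-le"),
    "host3 sha256=deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef",
    "host4 curl -s http://10.10.10.5:8888/file/download",
]

if __name__ == "__main__":
    for line_no, cmd in recover_commands(SAMPLE_LOG):
        print(f"line {line_no}: {cmd}")
```

Restoring padding is the whole trick: strip the `=` characters and a naive `base64 -d` or a signature on the padded string misses the command, but the decoded length is fully determined by the blob length, so the defender can always put the padding back.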

Step 4: Exporting the result

After the activity has been completed, we can extract the report in two ways:

Go to the Debrief tab, choose the sections to be included in the report, then download the full report as a PDF
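The PDF from the Debrief tab is built from the operation's report data, which can also be pulled from the server and processed by script. The Python example below is added here and is not the article's or Caldera's own code: the API paths, request fields, status codes and report layout are assumptions about the 4.x v2 REST API and should be confirmed against the interactive API docs your server serves, and the sample report it summarises is constructed. The default API key ADMIN123 appears only because this is a lab setup; change it, together with the default logins, before anyone else can reach the server.

```python
import base64
import json
import urllib.request
from collections import Counter

# Assumed lab setup: Caldera on localhost:8888 with the default red API key
# from conf/default.yml. ADMIN123 is the shipped default; change it on any
# server reachable beyond a lab network.
CALDERA_URL = "http://127.0.0.1:8888"
API_KEY = "ADMIN123"

# Link status codes (assumed from the Caldera source; 0/1/124 are the common ones).
STATUS = {0: "success", 1: "failure", 124: "timeout"}


def api(method, path, body=None):
    """Call the v2 REST API. The paths and fields used here are assumptions
    about the 4.x API; confirm them against the docs your server serves."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        CALDERA_URL + path, data=data, method=method,
        headers={"KEY": API_KEY, "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def operation_request(name, adversary_id, group="red", obfuscator="base64noPadding"):
    """Body for POST /api/v2/operations (assumed field names): run the adversary
    profile against every agent in the group, obfuscating each command."""
    return {
        "name": name,
        "adversary": {"adversary_id": adversary_id},
        "group": group,
        "obfuscator": obfuscator,
        "state": "running",
        "auto_close": True,
    }


def _plain(command):
    """Reports carry the command base64-encoded; fall back to the raw value."""
    try:
        return base64.b64decode(command, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return command


def summarise_report(report):
    """Reduce an operation report (assumed layout: report['steps'][paw]['steps']
    is the list of links run on that agent) to what the debrief shows: technique
    coverage, outcome counts and the non-successful links with their plaintext."""
    by_status = Counter()
    techniques = set()
    failed = []
    for paw, agent_steps in report.get("steps", {}).items():
        for step in agent_steps.get("steps", []):
            outcome = STATUS.get(step.get("status"), "other")
            by_status[outcome] += 1
            attack = step.get("attack", {})
            techniques.add((attack.get("tactic"), attack.get("technique_id"), attack.get("technique_name")))
            if outcome != "success":
                failed.append({"paw": paw, "name": step.get("name"), "outcome": outcome,
                               "command": _plain(step.get("command", ""))})
    return {"operation": report.get("name"), "by_status": dict(by_status),
            "techniques": sorted(techniques, key=str), "failed": failed}


def run_and_summarise(name, adversary_id):
    """End to end against a live server: create the operation, then fetch and
    summarise its report (assumed endpoint; the Debrief PDF uses the same data)."""
    op = api("POST", "/api/v2/operations", operation_request(name, adversary_id))
    report = api("POST", f"/api/v2/operations/{op['id']}/report", {"enable_agent_output": True})
    return summarise_report(report)


def _b64(s):
    return base64.b64encode(s.encode()).decode()


# Constructed report in the assumed layout; not output from a real run.
SAMPLE_REPORT = {
    "name": "discovery-linux",
    "steps": {"abcdef": {"steps": [
        {"name": "Find local users", "status": 0, "command": _b64("cat /etc/passwd | cut -d: -f1"),
         "attack": {"tactic": "discovery", "technique_id": "T1087.001", "technique_name": "Local Account"},
         "output": "root\nraj\n"},
        {"name": "Find system information", "status": 0, "command": _b64("uname -a"),
         "attack": {"tactic": "discovery", "technique_id": "T1082", "technique_name": "System Information Discovery"},
         "output": "Linux lab 5.15.0"},
        {"name": "Scan network", "status": 124, "command": _b64("nmap -sn 10.10.10.0/24"),
         "attack": {"tactic": "discovery", "technique_id": "T1018", "technique_name": "Remote System Discovery"},
         "output": ""},
    ]}},
}

if __name__ == "__main__":
    print(json.dumps(summarise_report(SAMPLE_REPORT), indent=2))
```

The summary is the part a purple team actually wants from the run: which techniques were exercised, and which links timed out or failed (a failed discovery command usually means the detection you wanted to test never fired because the behaviour never happened).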

We have thus performed an adversary emulation with the help of Caldera. With this framework, red and purple team activities can be carried out easily.

Reference: https://caldera.readthedocs.io/en/latest/

The post Caldera: Red Team Emulation (Part 1) appeared first on Hacking Articles.
