Setting Up Caldera & Atomic Red-Team

CALDERA is an automated adversary emulation system, built on the MITRE ATT&CK™ framework.

Installation

Start by cloning this repository recursively. This will pull all available plugins.

git clone https://github.com/mitre/caldera.git --recursive

From the root of this project, install the PIP requirements.

pip3 install -r requirements.txt

Before you can start the server we need to change some environment variables:

Edit the /caldera/conf/local.yml and change the following values:

  • host: 192.168.1.5 - - Make this the IP you wish to hav the caldera agents connect to

  • port: 8888 - - you should leave this but it can be edited

  • exfil_dir: /tmp

  • memory: True

  • plugins:

    • stockpile

    • sandcat

    • gui

    • chain

Building Advanced Adversaries

In the caldera/plugins/stockpile/abilities folder you will find various skills grouped by the MITRE ATTACK Framework ( Defense Evasion, Lateral Movement, Credential Access, Etc). You can use the Caldera Workbook to quickly build custom adversaries to test controls:

Adding the Atomic Red Team to Caldera

git clone https://github.com/redcanaryco/atomic-red-team.git

git clone https://github.com/mitre/cti.git

git clone https://github.com/xenoscr/Atomic-Caldera.git

Requirements

  • Python 3.6.8+ with the following libraries installed

    • PyYAML

      • https://pyyaml.org/wiki/PyYAML

    • STIX2

      • https://github.com/oasis-open/cti-python-stix2

  • Atomic-Caldera requires the following repositories be stored locally somewhere:

    • https://github.com/redcanaryco/atomic-red-team https://github.com/mitre/cti

Install Requirements:

pip install -r requirements.txt

Clone the Red Canary Atomic Red Team repository:

git clone https://github.com/redcanaryco/atomic-red-team.git

Clone the MITRE CTI repository:

git clone https://github.com/mitre/cti.git Usage Atomic-Caldera.py

Atomic-Caldera requires only two parameters to run. The input directory where the Red Canary Atomic Red Team “atomics” folder is located and the path to the MITRE CTI repository. The output folder option and CSV file options are optional, if they are not supplied, Atomic-Caldera will save these files in the current working directory.

Example

./Atomic-Caldera.py -i ~/repos/atomic-red-team/atomics -c ~/repos/cti Update-AtomicVariables.py

Update-AtomicVariables requires only two parameters to run. The input directory containing the abilities YAML files that were generated by the Atomic-Caldera.py script and the path to the CSV file containing the variable values that will be used to populate the abilities YAML files. If the output option is not populated a new “abilities-updated” folder will be created in the same directory where the input source abilities are located.

Example

./Update-AtomicVariables.py -i ~/working/abilities -c ~/working/atomic-variables.csv

References

LogoGitHub - xenoscr/atomiccaldera: A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files.GitHub

PreviousSocial Engineering TricksNextDiscovering & Exploiting Buffer Overflows

Last updated