
Setting Up Caldera & Atomic Red-Team

CALDERA is an automated adversary emulation system, built on the MITRE ATT&CK™ framework.

Installation

Start by cloning this repository recursively. This will pull all available plugins.

git clone https://github.com/mitre/caldera.git --recursive

From the root of this project, install the PIP requirements.

pip3 install -r requirements.txt

Before you can start the server, you need to change some configuration values.

Edit /caldera/conf/local.yml and change the following values:

  • host: 192.168.1.5 - make this the IP address you wish to have the Caldera agents connect to

  • port: 8888 - you should leave this as it is, but it can be edited

  • exfil_dir: /tmp

  • memory: True

  • plugins:

    • stockpile

    • sandcat

    • gui

    • chain

Building Advanced Adversaries

In the caldera/plugins/stockpile/abilities folder you will find the available abilities grouped by MITRE ATT&CK tactic (Defense Evasion, Lateral Movement, Credential Access, etc.). You can use the Caldera Workbook to quickly build custom adversaries to test controls.

Adding the Atomic Red Team to Caldera

git clone https://github.com/redcanaryco/atomic-red-team.git

git clone https://github.com/mitre/cti.git

git clone https://github.com/xenoscr/Atomic-Caldera.git

Requirements

  • Python 3.6.8+ with the following libraries installed

    • PyYAML

      • https://pyyaml.org/wiki/PyYAML

    • STIX2

      • https://github.com/oasis-open/cti-python-stix2

  • Atomic-Caldera requires the following repositories to be stored locally:

    • https://github.com/redcanaryco/atomic-red-team

    • https://github.com/mitre/cti

Install Requirements:

pip install -r requirements.txt

Clone the Red Canary Atomic Red Team repository:

git clone https://github.com/redcanaryco/atomic-red-team.git

Clone the MITRE CTI repository:

git clone https://github.com/mitre/cti.git

Usage

Atomic-Caldera.py

Atomic-Caldera.py requires only two parameters to run: the input directory where the Red Canary Atomic Red Team “atomics” folder is located, and the path to the MITRE CTI repository. The output folder and CSV file options are optional; if they are not supplied, Atomic-Caldera will save these files in the current working directory.

Example

./Atomic-Caldera.py -i ~/repos/atomic-red-team/atomics -c ~/repos/cti

Update-AtomicVariables.py

Update-AtomicVariables.py requires only two parameters to run: the input directory containing the ability YAML files generated by the Atomic-Caldera.py script, and the path to the CSV file containing the variable values that will be used to populate those ability YAML files. If the output option is not supplied, a new “abilities-updated” folder will be created in the same directory as the input abilities.

Example

./Update-AtomicVariables.py -i ~/working/abilities -c ~/working/atomic-variables.csv
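The two scripts above first convert Atomic Red Team tests into Caldera ability files and then substitute variable values from a CSV. The following Python sketch, added here and not the Atomic-Caldera plugin's own code, walks one constructed T1082 (benign discovery) test through both steps; the tactic table stands in for the MITRE CTI lookup, and the CSV column names and executor-name mapping are assumptions.

```python
import csv
import io
import re
import uuid

# Added example, not the Atomic-Caldera plugin's own code.  Assumed stand-ins:
# the tactic table replaces the MITRE CTI (STIX) lookup, and the CSV shape is guessed.
TACTIC_BY_TECHNIQUE = {"T1082": ("System Information Discovery", "discovery")}
EXECUTOR_MAP = {"command_prompt": "cmd", "powershell": "psh", "sh": "sh", "bash": "sh"}

# Constructed Atomic Red Team test (benign discovery technique), as parsed from its YAML.
ATOMIC_TEST = {
    "attack_technique": "T1082",
    "atomic_tests": [{
        "name": "System Information Discovery",
        "description": "Identify basic system information",
        "supported_platforms": ["windows"],
        "input_arguments": {"output_file": {"default": "C:\\Windows\\Temp\\sysinfo.txt"}},
        "executor": {"name": "command_prompt", "command": "systeminfo > #{output_file}"},
    }],
}
# Constructed variables CSV (assumed columns: variable,value).
VARIABLES_CSV = "variable,value\noutput_file,C:\\Temp\\out.txt\n"

def convert_atomic(atomic):
    """Step 1 (Atomic-Caldera.py): one Atomic test file -> Caldera-style ability dicts."""
    technique = atomic["attack_technique"]
    tech_name, tactic = TACTIC_BY_TECHNIQUE[technique]
    abilities = []
    for test in atomic["atomic_tests"]:
        executor = EXECUTOR_MAP[test["executor"]["name"]]
        abilities.append({
            "id": str(uuid.uuid5(uuid.NAMESPACE_URL, technique + test["name"])),
            "name": test["name"],
            "description": test["description"],
            "tactic": tactic,
            "technique": {"attack_id": technique, "name": tech_name},
            "platforms": {p: {executor: {"command": test["executor"]["command"]}}
                          for p in test["supported_platforms"]},
        })
    return abilities

def fill_variables(abilities, csv_text):
    """Step 2 (Update-AtomicVariables.py): replace #{var} placeholders with CSV values."""
    values = {r["variable"]: r["value"] for r in csv.DictReader(io.StringIO(csv_text))}
    for ability in abilities:
        for executors in ability["platforms"].values():
            for ex in executors.values():  # unknown variables are left untouched
                ex["command"] = re.sub(r"#\{(\w+)\}",
                                       lambda m: values.get(m.group(1), m.group(0)), ex["command"])
    return abilities
```

Dumping the returned list with PyYAML (one of the listed requirements) yields the ability YAML layout Caldera's stockpile plugin loads.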

References


GitHub - xenoscr/atomiccaldera: A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team tests to MITRE Caldera Stockpile YAML ability files.