Category Archives: ForFunAndWumbos

Install/Setup MITRE Caldera the automated cyber adversary emulation system

In this blog post I will be covering how to setup and utilize MITRE’s new tool called Caldera. Caldera is a cyber adversary emulation system that operates on a server/agent model. On the server you can create adversary campaigns that are deployed to your agents. Your agents will periodically call back with their results and progress. Let’s begin!

Continue reading

Part 3: How to Red Team – Setting up a red team infrastructure

In this post I thought I would demonstrate how to setup an environment for a red teamer. PLEASE take this environment with a gain of salt because everyone will have a different setup!!! This guide is to show the basics and hopefully a template based on the Armitage/Cobalt Strike architecture. If your interested in the pinnacle of red team setups take a look at Alex Levinson’s post about the CCDC Red team or the blog Room 362 by Rob Fuller.

Continue reading

Creating macOS VM on VMware Fusion

I had no idea that Mac OSX users had the ability to create Mac OSX VMs with VMware Fusion. Say that last part five times fast lol. I am going to walk you through the process of creating a macOS(Sierra) VM on my laptop. I would like to give original credit to VMware but I want to share this with my readers. The ability to create Mac OSX VMs allows me to analyze Mac OSX malware in a safe environment, whoop whoop.

Continue reading

Part 2: How to red team – Metasploit framework

In this post I am going to briefly cover the exploitation process with the  Metasploit framework. A framework is defined as a real or conceptual structure intended to serve as a support or guide for the building of something that expands the structure into something useful. The Metasploit framework allows red teamers to configure an exploit, choose a payload, an encoding technique to obfuscate the payload, and post-exploitation modules after access is gained. The next couple of sections are going to walk through the process of exploitation. I believe the Metasploit approach is a template to know because other frameworks and tools follow the same flow. Continue reading

Part 1: How to Red Team – Scanning and Enumeration

I have to be honest that my red team skills could use some improvement. I firmly believe that red teaming is a skill and a mindset that people have. I believe some people are naturally born with this mindset and others develop it, I am a developer :).Currently, I am aspiring to become an incident responder because the thrill of the hunt seems like A LOT of fun to me. But to be an effective incident responder I have to understand my adversary and their strategies.

This blog post series will include my approach of learning how to become a red teamer in a competition type of environment. Now my reasoning for this is because I have the ability to compete in multiple competitions as red teamer as a college student. Additionally, I hope to periodically return to these posts and update them with new tactics and tools that I find and use.

Continue reading

Intro to the ELK Stack on CentOS 7

This is a two part series on setting up an ELK stack to receive syslog and in the next post Bro logs. The ELK stack is an awesome collection of software but a complicated MumboJumboCombo of components. I wanted to help break that barrier for beginners and to help explain how each component works. So stick with me on this two part series! I would like to give credit to this DigitalOcean post writer for the ELK stack write-up which I’ll be referencing. Additionally my Github contains a script to setup the ELK stack for CentOS 7 64-bit based on the guide below.

Continue reading

RC3 Fall 2016 CTF Infrastructure

 

web-banner

 

In this blog post I will be walking you through how I setup my club’s CTF infrastructure on AWS. I take great pride as the RC3 CTF infrastructure captain (with a bit of an inflated ego 🙂 ) that my infrastructure as a whole never had any downtime! Additionally, our CTF attracted a 1,000 users over the course of a weekend, which was a great stress test for my infrastructure.

This post consists of the following AWS services which are EC2, S3, VPCs, Route 53, RDS, and IAM. Our infrastructure utilized software and services such as CentOS, Ubuntu, HAProxy, Let’s Encrypt, CTFd, Bro, and Nginx/uwsgi. Please keep in mind this guide is a sys admin guide and not a security guide. Some of the security measures implemented in the infrastructure have been left out of this guide to thwart individuals from taking advantage of this build in the future. Without further ado, here we go on the wild ride of creating a CTF cloud computing infrastructure in Amazon’s Web Services (AWS) :).

Continue reading