Category Archives: Red Teaming

Install/Setup MITRE Caldera the automated cyber adversary emulation system

In this blog post I will be covering how to setup and utilize MITRE’s new tool called Caldera. Caldera is a cyber adversary emulation system that operates on a server/agent model. On the server you can create adversary campaigns that are deployed to your agents. Your agents will periodically call back with their results and progress. Let’s begin!

Continue reading

Part 1: Intro to Threat Hunting with Powershell Empire, Windows event logs, and Graylog

One of the biggest trends in infosec, besides the word cyber, is threat hunting. First, I want to start by defining threat hunting as the action of “investigation without cause” and this concept is nothing new. It’s been around for years but we didn’t have a catchy marketing term associated with it. In this post, I will breakdown the Sqrrl threat hunting model, Powershell Empire for adversary activity, and instructions on setting up Graylog for log aggregation and a search platform to perform threat hunting. Finally, I would like to point out all Ansible playbooks used in this post are publicly accessible on my Github page in a repo called “AgileFalcon“.

Continue reading

Part 3: How to Red Team – Setting up a red team infrastructure

In this post I thought I would demonstrate how to setup an environment for a red teamer. PLEASE take this environment with a gain of salt because everyone will have a different setup!!! This guide is to show the basics and hopefully a template based on the Armitage/Cobalt Strike architecture. If your interested in the pinnacle of red team setups take a look at Alex Levinson’s post about the CCDC Red team or the blog Room 362 by Rob Fuller.

Continue reading

Part 2: How to red team – Metasploit framework

In this post I am going to briefly cover the exploitation process with the  Metasploit framework. A framework is defined as a real or conceptual structure intended to serve as a support or guide for the building of something that expands the structure into something useful. The Metasploit framework allows red teamers to configure an exploit, choose a payload, an encoding technique to obfuscate the payload, and post-exploitation modules after access is gained. The next couple of sections are going to walk through the process of exploitation. I believe the Metasploit approach is a template to know because other frameworks and tools follow the same flow. Continue reading

Part 1: How to Red Team – Scanning and Enumeration

I have to be honest that my red team skills could use some improvement. I firmly believe that red teaming is a skill and a mindset that people have. I believe some people are naturally born with this mindset and others develop it, I am a developer :).Currently, I am aspiring to become an incident responder because the thrill of the hunt seems like A LOT of fun to me. But to be an effective incident responder I have to understand my adversary and their strategies.

This blog post series will include my approach of learning how to become a red teamer in a competition type of environment. Now my reasoning for this is because I have the ability to compete in multiple competitions as red teamer as a college student. Additionally, I hope to periodically return to these posts and update them with new tactics and tools that I find and use.

Continue reading