caldera
WSLab
Our great sponsors
caldera | WSLab | |
---|---|---|
16 | 9 | |
5,160 | 1,137 | |
2.7% | 1.7% | |
9.2 | 7.2 | |
7 days ago | 16 days ago | |
Python | PowerShell | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
caldera
-
SOC Malware/Detection lab
Also, for the attack emulation part you might be interested in CALDERA.
- Automated penetration testing software?
-
Endpoint Attack Simulation
Mitre made Caldera to drive this. https://github.com/mitre/caldera
- Testing an XDR solution
-
Do you know the Mitre tool "Caldera"? How can I build a plugin for it?
Did you join the Slack and ask your question there, or on the discussion forum? The CALDERA team will answer... (both links are at https://caldera.mitre.org/)
- New blue team
- Attack simulation tool based on CVE
-
Attack Chain/Exploitation Path Diagram Generation Tools?
There's also a plugin for Caldera (https://github.com/mitre/caldera) called Pathfinder (https://github.com/center-for-threat-informed-defense/caldera_pathfinder and https://www.youtube.com/watch?v=gQRWkHFRG-s) that can help.
- Malware testing service/site for our EDR Testing of SentinelOne
- Worm/ Replicating virus for demonstrating spread/lateral movement through a network.
WSLab
-
I need basic understanding of servers (terminal servers, dns servers, domain controllers etc), ip addresses and rdp
Good on you man, you have some great practical experience that will go a long way. Once you learn more you’ll have something that a lot of IT engineers don’t typically have. I work in IT for a manufacturing environment and having electrical and/or mechanical experience will help a lot with your troubleshooting methodology. You have some great replies here which will hopefully start to bridge that gap. I can also highly recommend creating a small homelab for yourself. You can’t beat hands on learning, and there are a ton of great tools to get you started, e.g., https://github.com/microsoft/MSLab. This will help get you up and running quickly and give you an environment to play with. Good luck dude.
-
Clarification needed.
If you want to pen test AND implement/engineer, the cyber defense emphasis may be the best fit. As you progress, consider whether you're more drawn to networking/infrastructure or systems. A great approach: build labs that you think will be difficult to exploit, attack them, improve them. Lather, rinse, and repeat. you can do that with cloud platforms, web apps, mobile apps, IoT, etc. If you're not sure where to start, get your hands on a decently powered machine and check out the ready-to-build scenarios in MSLabs (https://github.com/microsoft/MSLab The Windows Event Forwarding scenarios are especially interesting).
-
A bit worried
If you have the time and resources for it, consider setting up a complex lab environment (https://github.com/microsoft/MSLab is a helpful starting point) with a few different types of targets. Within that environment, you can break whatever you want, try different hardening techniques, etc. I like to use that type of lab to test detection capabilities and scripted/triggered automations using sysmon, wazuh, and caldera.
- powershell script for setting up a Domain Controller
- Automate hyper-v with code
- Active directory pen testing lab
-
Cybersecurity physical labs
take a look at https://github.com/microsoft/MSLab, you can install Hyper-V 2019 server and use the scenarios to create a lab to your liking. I'm using this approach to establish a stable/consistent starting point for an AD environment with OUs, computers, groups, and users generated randomly by https://github.com/davidprowe/BadBlood to gauge the differences in logging and detection fidelity between different EDR solutions.
- Windows clustering
-
Windows Server for personal use?
Have a look at WSLab for rapid deployment of environments https://github.com/microsoft/WSLab
What are some alternatives?
Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
AutomatedLab - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
CTF-Difficulty - This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.
BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
Incident-Playbook - GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Ghostwriter - The SpecterOps project management and reporting engine
oh-my-git - An interactive Git learning game!