red_team_attack_lab
RedELK
red_team_attack_lab | RedELK | |
---|---|---|
5 | 5 | |
476 | 2,294 | |
- | 1.7% | |
4.5 | 7.1 | |
12 months ago | 3 months ago | |
PowerShell | Python | |
GNU General Public License v3.0 only | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
red_team_attack_lab
- Can anyone describe their red team infrastructure?
-
Non-Internet Connected IAC Range
There are some pretty solid examples like splunk attack range or detection lab available on GitHub. They leverage ansible, virtual box, and vagrant. My team used to use red team lab https://github.com/Marshall-Hallenbeck/red_team_attack_lab internally for demos, but has since moved to Snaplabs for the ease of deployment and cost. I can have a junior engineer spin up an entire Ad instance from a template in 5 minutes vs fighting virtual box and ansible to 2 days.
-
Active directory scripts for setting a lab?
Try this https://github.com/Marshall-Hallenbeck/red_team_attack_lab
-
Anyone have experience building a Windows AD lab environment in Docker?
Since you mention your in-depth ELK workflow, have you tried DetectionLab or Splunk's Attack Range? If you just want a fully working AD domain set up with various hosts, you can spin up the Red Team Attack Lab and then hook in your own logging stuff after it's built.
- Red Team Attack Lab for TTP testing & research
RedELK
-
What project ideas are there for a cybersecurity homelab?
Play with RedELK for learning ELK and monitoring blue team activities - https://github.com/outflanknl/RedELK
-
Can anyone describe their red team infrastructure?
I'd love to build a tf setup that utilizes redirectors and the "standard" setup along with RedELK so I'd be curious what you find and what others suggest.
-
Awesome Penetration Testing
RedELK - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
- outflanknl/RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
-
Documentation / Logging - what are you using?
Redelk - https://github.com/outflanknl/RedELK
What are some alternatives?
cervantes - Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.
dsiem - Security event correlation engine for ELK stack
GOAD - game of active directory
HELK - The Hunting ELK
Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
wazuh-dashboard-plugins - Plugins for Wazuh Dashboard
passwordstate-decryptor - PowerShell script that decrypts password entries from a Passwordstate server.
awesome-pcaptools - A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.
attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
praeco - Elasticsearch alerting made simple.
gitjacker - 🔪 :octocat: Leak git repositories from misconfigured websites
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.