red_team_attack_lab
Responder
red_team_attack_lab | Responder | |
---|---|---|
5 | 6 | |
476 | 5,063 | |
- | - | |
4.5 | 7.6 | |
12 months ago | about 1 month ago | |
PowerShell | Python | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
red_team_attack_lab
- Can anyone describe their red team infrastructure?
-
Non-Internet Connected IAC Range
There are some pretty solid examples like splunk attack range or detection lab available on GitHub. They leverage ansible, virtual box, and vagrant. My team used to use red team lab https://github.com/Marshall-Hallenbeck/red_team_attack_lab internally for demos, but has since moved to Snaplabs for the ease of deployment and cost. I can have a junior engineer spin up an entire Ad instance from a template in 5 minutes vs fighting virtual box and ansible to 2 days.
-
Active directory scripts for setting a lab?
Try this https://github.com/Marshall-Hallenbeck/red_team_attack_lab
-
Anyone have experience building a Windows AD lab environment in Docker?
Since you mention your in-depth ELK workflow, have you tried DetectionLab or Splunk's Attack Range? If you just want a fully working AD domain set up with various hosts, you can spin up the Red Team Attack Lab and then hook in your own logging stuff after it's built.
- Red Team Attack Lab for TTP testing & research
Responder
-
Active directory scripts for setting a lab?
Look at responder, that’s usually my ticket in. https://github.com/lgandx/Responder
- WPAD | Wireshark
-
Responder & NTLMRelayx
They were originally added as a precaution since the features could cause disruption to the network. They stopped working after a refactoring in version 2.3.0. See https://github.com/lgandx/Responder/issues/166 for details.
-
In what ways can malicious sites harm me if I don't download anything or input any details?
I am pretty sure that there's a way to make an attack work with Responder and stealing network credential components via a webdav server. There's probably a few attacks that are specific to being on the same domain or LAN that we could come up with, but your scenario made it sound more like you were interested in a public website vs an arbitrary user visiting.
-
How could I implement the NET in Cyberpunk Red?
* So, this is a real-world thing. I do work as a penetration tester and can say that starting on the inside of the firewall, with the ability to intercept network streams, perform Man in the Middle attacks, probe non-network accessible services, etc, etc, makes my job MUCH easier. Even in "zero trust" networks, adjacency is super helpful. Even in cloud-dispersed systems, you'd be amazed at the crap that gets whitelisted (Really, your entire user LAN needs to SSH to the jumphost that has keys for all your servers?) not to mention that users still write down credentials or things that can help get to credentials. I mean, hell, Responder still works (https://github.com/lgandx/Responder).
-
Using Responder
Also, I did get Responder working, had a little trouble with MultiRelay until I followed some directions on Github:https://github.com/lgandx/Responder/issues/147
What are some alternatives?
cervantes - Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.
GOAD - game of active directory
BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
passwordstate-decryptor - PowerShell script that decrypts password entries from a Passwordstate server.
sonar.js - A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.
attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
gitjacker - 🔪 :octocat: Leak git repositories from misconfigured websites
nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.