
Building a Cyber Range - Kevin Cardwell

Aug 05, 2015


EC-Council
Transcript
Page 1: Building a Cyber Range - Kevin Cardwell

Building a Cyber Range

Kevin Cardwell

Page 2: Building a Cyber Range - Kevin Cardwell

Virtual Machine Creation

• Methods
  ◦ New
    ▪ From scratch
  ◦ Clone
    ▪ From an existing image
  ◦ Convert
    ▪ Works only on Windows

Page 3: Building a Cyber Range - Kevin Cardwell

New

• Use the wizard
  ◦ Has an easy install option
    ▪ Only works for some operating systems
  ◦ Has two methods
    ▪ Typical
      - Accepts the standard defaults
    ▪ Custom
      - Can select memory allocation
      - Network type

Page 4: Building a Cyber Range - Kevin Cardwell

New (cont)

• Custom
  ◦ Preferred method
  ◦ Allows for SCSI or IDE virtual disk
  ◦ Store the virtual disk in another location

Page 5: Building a Cyber Range - Kevin Cardwell

Cloning

• Creates a copy of the virtual machine
  ◦ Linked
    ▪ Related to the VM used as source
  ◦ Full
    ▪ Complete and separate clone

Page 6: Building a Cyber Range - Kevin Cardwell

Cloning (cont)


Page 7: Building a Cyber Range - Kevin Cardwell

Converting

• VMware Converter
  ◦ A tool to convert a physical machine to a virtual machine
  ◦ Not an exact science
  ◦ Only on Windows

Page 8: Building a Cyber Range - Kevin Cardwell

Network Connection Type


Page 9: Building a Cyber Range - Kevin Cardwell

Bridged

• Connects to the network using the host network adapter
• Connected to physical network

Page 10: Building a Cyber Range - Kevin Cardwell

NAT

• Share the IP and MAC address of the host
• Not visible outside of the network

Page 11: Building a Cyber Range - Kevin Cardwell

Host-Only

• Creates a network completely contained within the host
• Can isolate a network
• Cannot connect to the Internet

Page 12: Building a Cyber Range - Kevin Cardwell

Custom

• Can create sophisticated networks
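
The connection types on the preceding slides decide whether a range VM can reach the physical network. As an added example (not from the original slides), this Python script audits a VMware .vmx file and reports adapters that are neither host-only nor on an allow-listed custom VMnet; the sample .vmx, the function names and the `isolated_vnets` list are constructed assumptions.

```python
import re

# key = "value" lines as written in a VMware .vmx file
_LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

def parse_adapters(vmx_text):
    """Return {adapter: {setting: value}} for every ethernetN entry."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = _LINE.match(line)
        if m:
            name, key, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
            adapters.setdefault(name, {})[key] = value
    return adapters

def audit_vmx(vmx_text, isolated_vnets=("vmnet1",)):
    """List (adapter, mode, reason) for adapters that can leave the range."""
    findings = []
    for name, cfg in sorted(parse_adapters(vmx_text).items()):
        if cfg.get("present", "FALSE").upper() != "TRUE":
            continue  # adapter not attached to the VM
        # Assumption: a missing connectionType is treated as bridged.
        mode = cfg.get("connectiontype", "bridged").lower()
        if mode == "hostonly":
            continue  # contained within the host
        if mode == "custom":
            vnet = cfg.get("vnet", "").lower()
            if vnet in isolated_vnets:
                continue  # custom VMnet the range owner declared isolated
            findings.append((name, mode, f"{vnet or 'no vnet'} not in isolated list"))
        elif mode == "nat":
            findings.append((name, mode, "reaches outside through the host"))
        else:
            findings.append((name, mode, "connected to physical network"))
    return findings

# Constructed sample: an inside machine with extra cards left on NAT and the default.
SAMPLE_VMX = '''
displayName = "inside-win"
ethernet0.present = "TRUE"
ethernet0.connectionType = "custom"
ethernet0.vnet = "VMnet2"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet2.present = "TRUE"
ethernet2.connectionType = "nat"
ethernet3.present = "TRUE"
'''

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX, isolated_vnets=("vmnet1", "vmnet2")):
        print(finding)
```

Whether a custom VMnet is actually isolated depends on how the host's virtual network editor maps it, so the allow-list has to come from the range owner.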

Page 13: Building a Cyber Range - Kevin Cardwell

[Network diagram: Switch, Attacker Box, Vmnet1, Vmnet2, Vmnet3, Vmnet4, Web, Infrastructure, RC, TAC]

Page 14: Building a Cyber Range - Kevin Cardwell

Components

• Router
  ◦ If you do not have a device
  ◦ Use dynamips
    ▪ www.dynagen.org
    ▪ Requires Cisco IOS
  ◦ Zeroshell
    ▪ www.zeroshell.org
• Bastion Host
  ◦ Any
    ▪ Smoothwall free version – www.smoothwall.org
    ▪ pfSense
      - Based on FreeBSD
      - Load balancing
• Build it with 3 or 4 interfaces
  ◦ Red
  ◦ Green
  ◦ Orange (DMZ)
  ◦ Purple Wireless

Page 15: Building a Cyber Range - Kevin Cardwell

Components (cont)

• Attacker machine
  ◦ Windows with a VM
    ▪ Kali
    ▪ Pentoo
    ▪ Build your own custom box
• An inside machine
  ◦ Windows
• All boxes with at least two network cards configured
  ◦ Can bind and isolate attacks if needed
• Start research
  ◦ Lab it up and test it!

Page 16: Building a Cyber Range - Kevin Cardwell

Folders

• Replaced teams
• Allows you to power on and off complex ranges all with one click

Page 17: Building a Cyber Range - Kevin Cardwell

Planning

• When you do your information gathering
• Identify the systems, services and software
• Lab it up and play!
  ◦ Start with a flat network
  ◦ If you cannot get it with that, you never will through layers of defense
• Document what works and does not work

Page 18: Building a Cyber Range - Kevin Cardwell

Building the Range

Page 19: Building a Cyber Range - Kevin Cardwell

Advanced Techniques

• Island Hopping and Pivoting
• Exploit Proxy

Page 20: Building a Cyber Range - Kevin Cardwell

Island Hopping and Pivoting

• As you compromise assets, the perspective of the attacker changes
• You now are located at the point of the compromised system
• Allows us to leverage trust relationships

Page 21: Building a Cyber Range - Kevin Cardwell

Island Hopping and Pivoting (cont)

[Network diagram: External, Screening router, Internal, Bastion host, WWW server, FTP server, Services subnet]

Page 22: Building a Cyber Range - Kevin Cardwell

Exploit Proxy

• A component of island hopping and pivoting
• Leverages the inside machine
  ◦ Plant my exploits there
    ▪ Run exploits all from the inside machine
  ◦ This is fun!!!!!
• Requires an advanced shell
  ◦ The inside machine is not going to know about your network
    ▪ Have to add a route on the inside machine
• Made easy with the tools
  ◦ Metasploit
  ◦ Meterpreter

Page 23: Building a Cyber Range - Kevin Cardwell

Thank You!

Kevin Cardwell

Questions?

Kevin Cardwell

2nd Edition