Attack Range : Tool To Simulate Attacks Against & Collect Data Into Splunk

Attack Range is a tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk.

It solves two main challenges in development of detections. First, it allows the user to quickly build a small lab infrastructure as close as possible to your production environment. This lab infrastructure contains a Windows Domain Controller, Windows Workstation and Linux server, which comes pre-configured with multiple security tools and logging configuration. The infrastructure comes with a Splunk server collecting multiple log sources from the different servers.

Second, this framework allows the user to perform attack simulation using different engines. Therefore, the user can repeatedly replicate and generate data as close to “ground truth” as possible, in a format that allows the creation of detections, investigations, knowledge objects, and playbooks in Splunk.

Architecture

It can be used in two different ways:

  • local using vagrant and virtualbox
  • in the cloud using terraform and AWS

In order to make it work on almost every laptop, the local version using Vagrant and Virtualbox consists of a subset of the full-blown cloud infrastructure in AWS using Terraform.

The local version consists of a Splunk single instance and a Windows 10 workstation pre-configured with best practice logging configuration according to Splunk. The cloud infrastructure in AWS using Terraform consists of a Windows 10 workstation, a Windows 2016 server and a Splunk server. More information can be found in the wiki.

Also Read – Fileintel : A Modular Python Application To Pull Intelligence About Malicious Files

Running

It supports different actions:

  • Build It
  • Perform Attack Simulation
  • Destroy It
  • Stop It
  • Resume It

Build

  • Build it using Terraform

python attack_range.py -m terraform -a build

  • Build it using Vagrant

python attack_range.py -m vagrant -a build

Perform Attack Simulation

  • Perform Attack Simulation using Terraform

python attack_range.py -m terraform -a simulate -st T1117,T1003 -t attack-range_windows_2016_dc

  • Perform Attack Simulation using Vagrant

python attack_range.py -m vagrant -a simulate -st T1117,T1003 -t win10

Destroy

  • Destroy it using Terraform

python attack_range.py -m terraform -a destroy

  • Destroy it using Vagrant

python attack_range.py -m vagrant -a destroy

Stop Attack Range

  • Stop it using Terraform

python attack_range.py -m terraform -a stop

  • Stop it using Vagrant

python attack_range.py -m vagrant -a stop

Resume Attack Range

  • Resume it using Terraform

python attack_range.py -m terraform -a resume

  • Resume it using Vagrant

python attack_range.py -m vagrant -a resume

Credit: Jose Hernandez

R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

19 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

19 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago