This step generates TLS key pairs. This is used for encrypting the filebeat traffic between redirectors/C2servers and the RedELK server.
It can be run on any unix based system. But it makes sense completely sense to run this from your dedicated RedELK system.
./certs/config.cnf
initial-setup.sh ./certs/config.cnf
c2servers.tgz
, redirs.tgz
and elkserver.tgz
to relevant systemsAdjust ./certs/config.cnf
to include the right details for 2 items: 1) the TLS certificates, and 2) the DNS/IP of your RedELK server.
[req_distinguished_name]
part. Change it to something that openssl accepts as correct TLS certificate information.[alt_names]
part. Its really important to have the right IP (IP.1) or DNS (DNS.1) name listed in that file! These need to point to either the IP or the DNS of your RedELK server. Otherwise your TLS setup will not function and Logstash will fail and crash miserably with cryptic errors in its log.Once done, run: initial-setup.sh ./certs/config.cnf
This will create a CA, generate necessary certificates for secure communication between redirs, C2-server and elkserver and generates a SSH keypair for secure rsync authentication of the elkserver to the C2server.
It also generates c2servers.tgz
, redirs.tgz
and elkserver.tgz
that contain the installation packages for each component.
You need to copy these tgz files to the relevant systems (C2-servers, redirs en the system you will be using as the central RedELK node).
Rerunning this initial setup is only required if you want new TLS keys to be used. If such is the case, delete the ./certs/redelkCA.*
and ./certs/elkserver.*
files and rerun initial-setup.sh ./certs/config.cnf
.
The project is based on Go and Vue to build a management system for sensitive…
Setting up a Command and Control (C2) server is a critical step in establishing a…
Installing and configuring redirectors as part of your red team infrastructure. Follow these step-by-step instructions…
enum4linux-ng.py is a rewrite of Mark Lowe's (former Portcullis Labs now Cisco CX Security Labs)…
Interactive PDF Analysis (also called IPA) allows any researcher to explore the inner details of…
A detailed guide on setting up Cobalt Strike in a Docker environment. Cobalt Strike, a…