🕹️
Ali Rodoplu
  • 👋Who am I?
  • ARTICLES
  • 🧨Offensive
    • Enum4Linux
    • How to Perform SSH Brute Force Attack and How Can We Protect Our Systems from It?
    • Dictionary Attack via HashCat
    • Credential Dumping via Pypykatz
    • Exploiting the Shellshock Vulnerability and Protecting Yourself against It
    • What is Buffer Overflow Attack and How to Obtain Reverse Shell Using Buffer Overflow Attack
    • How to Kill Microsoft Defender’s Process
    • Getting Reverse Shell with Powercat
    • Creating Backdoor payload and Obtain Reverse Shell via Ngrok and MetaSploit Framework
    • Kiterunner
  • ⚙️Defensive
    • 📺Static Analysis
      • Finding Malwares by Performing Static Analysis with PeStudio
    • 📌Dynamic Analysis
      • Find Malwares using Process Explorer
      • Find Malwares Using Sysmon
      • Malware Hunting using Procmon and Procexp
      • Linux Sysmon
    • 📀Reverse Engineering
      • ILSPY ile Zararlı bir .NET PE'sine Reverse Engineering.
  • 🔥CVE Explotation
    • CVE-2023-48795 Zafiyeti ve Bazı Mitigation Adımlarının Gerçekleştirilmesi
    • Heap Buffer Overflow in libwebp in Google Chrome - CVE-2023-4863
    • HTTP/2 ‘Rapid Reset’ DDoS atağı CVE-2023-44487
    • Exploit the Log4J Vulnerability - CVE-2021-44228
    • Exploit the WinRAR - CVE-2023-38831
  • 🔗OSINT
    • Maltego the OSINT Tool
  • 🎯Attack Simulation
    • Caldera Installation and Simulating an Attack with Caldera
    • How to Install Atomic Red Team, Which is an Attack Simulation Tool?
  • 💻Cyber Security
    • Dolandırıcıların Yeni Dolandırıcılık Yöntemlerinden biri: Youtube Reklamları
    • OWASP And OWASP Top Ten Project
    • Understanding the MITRE ATT&CK Framework and the Relationship Between MITRE and Security Products
    • Machine Learning and CyberSecurity
  • 💿Cyber Security Products
    • Trellix(FireEye)
      • Creating HX Policy And Host Set then Binding Them To Each Other
      • What is Helix and some example about Index Search Inside Data Lake
      • Installation of FireEye HX(currently Trellix HX)
    • CrowdStrike
      • CrowdStrike’s FileVantage Feature and How to Set Policy.
      • CrowdStrike Prevention Policy’s Features and Assigning Policy to the Host Group
  • 💾General
    • What is PrivateGPT and How to Install It
Powered by GitBook
On this page
  1. Attack Simulation

Caldera Installation and Simulating an Attack with Caldera

PreviousAttack SimulationNextHow to Install Atomic Red Team, Which is an Attack Simulation Tool?

Last updated 1 year ago

Image Source: https://github.com/mitre/caldera

Caldera is an automation and response platform designed for security professionals. It is used to enhance cybersecurity operations and threat hunting processes. Caldera is designed to simulate attack scenarios, monitor threats, analyze them, and respond. This allows security teams to test defense strategies, identify vulnerabilities, and be prepared for real-world attacks.

Key features of Caldera include the automated execution of attack scenarios, integration of threat intelligence, security analysis, and automation of incident response processes. With this tool, security experts can create and execute realistic scenarios to test and improve defense mechanisms.

Caldera is also a project developed by and is designed to assist security professionals with threat hunting and incident response.

Lets install Caldera!!!

Requirements

  • Pythons

  • Git(optionally)

  • Linux or MacOS Host

We can download the source files in two different ways.

Github;

git clone https://github.com/mitre/caldera.git --recursive

Github Gui;

Then let’s run the following command to install the requirements

pip3 install -r requirements.txt

Let’s run the application

python3 server.py –insecure

Then, let’s go to the browser and type this address; Address: http:127.0.0.1:8888 Username: red Password: admin

Now, let’s deploy agents for our attack tests. Campaigns > Agents > Deploy an Agents As a start, we can deploy the sandcat agent.

After choosing the OS type of the endpoint where we will deploy the Agent, we define the callback IP as Caldera’s IP and define the Agent name.

After coming down a little with the mouse, we see that the agent setup script has been prepared for us according to the information we have written.

I prepared this script for windows host. Let’s go and run the script on windows and deploy our agent.

Now we go and look at the Caldera interface and we’ll see the agent appear.

Now we can start a simple attack simulation.

Campaigns > Operations > Create Operation Here I start a simple simulation with the techniques of Mitre’s Discovery tactic.

We can click “View Output” to see the outputs of any attack made. Here I looked at the output of the attack, which lists the processes on the endpoint.

If we want to apply a specific attack type; Let’s go Campaigns > Adversaries > New Profile and Create Profile. Click Add Ability

  • Tactic: Collection

  • Technique: T1115 | Clipboard Data

  • Ability: Copy Clipboard

Then let’s go back to Operations > Create Operation Here we select the Adversary we just created in the Adversary section.

As you can see, the agent deployment script was included because I wanted to deploy the agent.

Stay Tune!

🎯
MITRE