Tracking #RedOps
So, I have been following this space of red team automation for a while...
and this post came out of a conversation I had with one of my co-workers about some videos I have been doing at work. So, I am going to try and keep this post up to date with info about different projects for red team automation projects.
This was the message:
There are a few people that have given at least like small intros into things, but not a suite of things to connect everything together for redops like I feel is possible for all the devops tools that are out there.
Ya, I am definitely trying to take that approach towards discoverability and niche for my content.
A few others that I have been following are these people:
- https://twitter.com/_RastaMouse
- https://twitter.com/xpn
- https://twitter.com/curi0usJack
- https://twitter.com/Centurion
with these posts/projects:
- https://rastamouse.me/2017/08/automated-red-team-infrastructure-deployment-with-terraform---part-1/
- https://rastamouse.me/2017/09/automated-red-team-infrastructure-deployment-with-terraform---part-2/
- https://github.com/rmikehodges/hideNsneak (@rmikehodges)
- doesn't appear very active anymore
- https://www.mdsec.co.uk/2020/04/designing-the-adversary-simulation-lab/
- https://github.com/clong/DetectionLab
- https://www.trustedsec.com/blog/automating-a-redelk-deployment-using-ansible/
Everything else in this post will be trying to keep up to date info about #RedTeamOps/#RedOps. Please feel free to comment on this post, and let me know about the different tools/ideas you have about this topic 😁️
Tweets
New blog post up which shows just how we build our ActiveBreach Adversary Simulation Lab using Terraform, DSC, InSpec, AWS Systems Manager, and Gitlab CI/CD pipelines. https://t.co/tUjurbrX2r pic.twitter.com/G6xN0Y1AEK
— Adam Chester (@_xpn_) April 17, 2020
Happy to be releasing RedELK Ansible playbooks. Hopefully they help others get into the great tool that is RedELK! https://t.co/awQyscqfqs
— Jason Lang (@curi0usJack) May 28, 2020
At long last!https://t.co/7UjlWFKmDc is live!
— [email protected]:~/ # (@offsec_ginger) September 2, 2020
(Mostly) Automated Red Team Infrastructure! Blog to follow.... #OSS #infosec #redteam #redteaming #hacking #red #ansible #automation #tools #offensivesecurity
Lab Env
Vuln VMs
Windows
- https://github.com/clong/DetectionLab/
- https://github.com/jckhmr/adlab
- https://github.com/outflanknl/Invoke-ADLabDeployer
Linux
Both
WIP
( ⬆️ means "Work in progress")
- ( Full Disclosure: this is my work ) https://github.com/ProfessionallyEvil/PENT
Web Apps
- ( Full Disclosure: this is my work ) https://github.com/SamuraiWTF/samuraiwtf
- includes:
Misc
Attack VMs
- (Full Disclosure: this is my project) https://github.com/elreydetoda/packer-kali_linux
- https://github.com/fireeye/commando-vm
Lesser known/eval'ing
these are some projects that I have found either through searching github for different things, or found on twitter. If I list something here then I am still identifying if it appears to be a viable/maintained project.
- https://github.com/cloudc2/kubered ( appears to be stale )
- https://github.com/christophetd/Adaz
- https://github.com/guidepointsecurity/RedCommander
Potential Projects
I have seen discussion/talk about them doing some type of automation to help deploy their red team tool/infra: