Tracking #RedOps
So, I have been following this space of red team automation for a while...
and this post came out of a conversation I had with one of my co-workers about some videos I have been doing at work. So, I am going to try to keep this post up to date with info about different red team automation projects.
This was the message:
There are a few people that have given at least like small intros into things, but not a suite of things to connect everything together for redops like I feel is possible for all the devops tools that are out there.
Ya, I am definitely trying to take that approach towards discoverability and niche for my content.
A few others that I have been following are these people:
- https://twitter.com/_RastaMouse
- https://twitter.com/xpn
- https://twitter.com/curi0usJack
- https://twitter.com/Centurion
with these posts/projects:
- https://rastamouse.me/2017/08/automated-red-team-infrastructure-deployment-with-terraform---part-1/
- https://rastamouse.me/2017/09/automated-red-team-infrastructure-deployment-with-terraform---part-2/
- https://github.com/rmikehodges/hideNsneak (@rmikehodges)
  - doesn't appear very active anymore
- https://www.mdsec.co.uk/2020/04/designing-the-adversary-simulation-lab/
- https://github.com/clong/DetectionLab
- https://www.trustedsec.com/blog/automating-a-redelk-deployment-using-ansible/
Everything else in this post will try to keep up-to-date info about #RedTeamOps/#RedOps. Please feel free to comment on this post and let me know about the different tools/ideas you have on this topic.
Tweets
New blog post up which shows just how we build our ActiveBreach Adversary Simulation Lab using Terraform, DSC, InSpec, AWS Systems Manager, and Gitlab CI/CD pipelines. https://t.co/tUjurbrX2r pic.twitter.com/G6xN0Y1AEK
— Adam Chester (@_xpn_) April 17, 2020
Happy to be releasing RedELK Ansible playbooks. Hopefully they help others get into the great tool that is RedELK! https://t.co/awQyscqfqs
— Jason Lang (@curi0usJack) May 28, 2020
At long last! https://t.co/7UjlWFKmDc is live!
— (@offsec_ginger) September 2, 2020
(Mostly) Automated Red Team Infrastructure! Blog to follow.... #OSS #infosec #redteam #redteaming #hacking #red #ansible #automation #tools #offensivesecurity
Lab Env
Vuln VMs
Windows
- https://github.com/clong/DetectionLab/
- https://github.com/jckhmr/adlab
- https://github.com/outflanknl/Invoke-ADLabDeployer
Linux
Both
WIP
(the "WIP" marker means "Work in progress")
- (Full Disclosure: this is my work) https://github.com/ProfessionallyEvil/PENT
Web Apps
- (Full Disclosure: this is my work) https://github.com/SamuraiWTF/samuraiwtf
- includes:
Misc
Attack VMs
- (Full Disclosure: this is my project) https://github.com/elreydetoda/packer-kali_linux
- https://github.com/fireeye/commando-vm
Lesser known/eval'ing
These are some projects that I have found either by searching GitHub for different things or on Twitter. If I list something here, I am still identifying whether it appears to be a viable/maintained project.
- https://github.com/cloudc2/kubered (appears to be stale)
- https://github.com/christophetd/Adaz
- https://github.com/guidepointsecurity/RedCommander
Potential Projects
I have seen discussion/talk about them doing some type of automation to help deploy their red team tool/infra: