building a cyber range - kevin cardwell
TRANSCRIPT
Methods◦ New
From scratch◦ Clone
From and existing image◦ Convert
Works only on Windows
Virtual Machine Creation
2
Use the wizard◦ Has an easy install option
Only works for some operating systems Has two methods
Typical Accepts the standard defaults
Custom Can select memory allocation Network type
New
3
Custom◦ Preferred method◦ Allows for SCSI or IDE virtual disk◦ Store the virtual disk in another location
New (cont)
4
Creates a copy of the virtual machine◦ Linked
Related to the VM used as source◦ Full
Complete and separate clone
Cloning
5
VmWare Converter◦ A tool to convert a physical machine to a virtual
machine◦ Not an exact science◦ Only on Windows
Converting
7
Creates a network completely contained within the host
Can isolate a network Cannot connect to the Internet
Host-Only
11
Router◦ If do not have a device◦ Use dynamips
www.dynagen.org Requires Cisco IOS
Zeroshell www.zeroshell.org
Bastion Host◦ Any
Smoothwall free version – www.smoothwall.org pfsense
Based on FreeBSD Load balancing
Build it with 3 or 4 interfaces◦ Red◦ Green◦ Orange (DMZ)◦ Purple Wireless
Components
14
Attacker machine◦ Windows with a VM
Kali Pentoo Build your own custom box
An inside machine◦ Windows
All boxes with at least two network cards configured◦ Can bind and isolate attacks if needed
Start research◦ Lab it up and test it!
Components (cont)
15
When you do your information gathering Identify the systems, services and software Lab it up and play!
◦ Start with a flat network◦ If you cannot get it with that, you never will
through layers of defense Document what works and does not work
Planning
17
20
As you compromise assets, the perspective of the attacker changes
You now are located at the point of the compromised system
Allows us to leverage trust relationships
Island Hopping and Pivoting
21
Island Hopping and Pivoting (cont)
External
Screeningrouter
Internal
Bastionhost
WWWserver
FTPserver
Services subnet
22
A component of island hopping and pivoting Leverages the inside machine
◦ Plant my exploits there run exploits all from the inside machine
◦ This is fun!!!!! Requires an advanced shell
◦ The inside machine is not going to know about your network Have to add a route on the inside machine
Made easy with the tools Metasploit Meterpreter
Exploit Proxy