Automated Emulation: Open-source breach and attack simulation lab

Help Net Security – Mirko Zorz
Automated Emulation is an open-source Terraform template intended for creating a customized, automated breach and attack simulation lab in AWS.
The solution automatically constructs resources including a Linux server deploying Caldera, Prelude Operator Headless, and VECTR, as well as a Windows Client (Windows Server 2022) configured for Caldera agent deployment, Prelude pneuma, and other Red & Blue tools.
Notably, the lab differentiates itself by avoiding the need for secondary tools like Ansible for configuration management, instead using Terraform providers (AWS SDK) and built-in AWS features (user data).
The creator, Jason Ostrom, developed this solution to promote infrastructure security skills, particularly focused on adversary simulation, TTP correlations, and endpoint security product evaluations.
He emphasizes the security and accessibility benefits of making this technology approach available to the community, mentioning its use in a new SANS class called SEC598. Notably, Automated Emulation makes significant use of cloud provider features like “user-data” to enforce changes, without needing secondary configuration management tools.
Moreover, the lab’s automation allows immediate testing of payloads and abilities post-lab creation and facilitates the deployment of various security tools and agents.
The solution encompasses unique capabilities, such as the automatic bootstrapping of Caldera Sandcat agent and Prelude Operator for Red and Blue team activity tracking, among other features.
Most notably, the project is designed to streamline the testing and deployment of security tools and simulations, minimizing the need for secondary tools and potential points of failure, as observed in traditional environments.
Automated Emulation is published on GitHub and offered as an open-source resource to the security community.
Link: https://www.helpnetsecurity.com/2024/01/25/automated-emulation-open-source-attack-simulation-lab/

