Differences
guides:lockdown_black_team [2020/04/24 06:41] aibekzhy |
guides:lockdown_black_team [2021/04/27 02:57] (current) aibekzhy |
||
---|---|---|---|
Line 35: | Line 35: | ||
- Install libselinux-python | - Install libselinux-python | ||
- Ensure Release of child OSes match supported OS: https://kb.vmware.com/s/article/1005870 | - Ensure Release of child OSes match supported OS: https://kb.vmware.com/s/article/1005870 | ||
+ | |||
+ | |||
* Windows: | * Windows: | ||
- VMWare tools | - VMWare tools | ||
Line 44: | Line 46: | ||
- Disable/Uninstall Windows Defender (Registry/GPO) | - Disable/Uninstall Windows Defender (Registry/GPO) | ||
- Disable Windows Updates (Registry/GPO/Services) | - Disable Windows Updates (Registry/GPO/Services) | ||
+ | - Make sure ansible deployment has a unique AD_Name for every host, to avoid hostname collisions | ||
+ | - Allow remote connections to the computer, under "Remote" tab of System Properties | ||
- Ensure Sleep is disabled | - Ensure Sleep is disabled | ||
- Try to Debloat as much as possible: https://github.com/Sycnex/Windows10Debloater (Might not worth it) | - Try to Debloat as much as possible: https://github.com/Sycnex/Windows10Debloater (Might not worth it) | ||
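Review bot: The added "Allow remote connections to the computer" item gives only the GUI route (the "Remote" tab of System Properties), while the Defender and Windows Updates items just above it name Registry/GPO. Since the same hunk refers to an ansible deployment, document the Registry/GPO equivalent here too so the step can be applied the same way as its neighbours. The AD_Name item would also be easier to follow if it said where AD_Name is set.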
Line 50: | Line 54: | ||
- Windows 10 Enterprise specific: | - Windows 10 Enterprise specific: | ||
- Make sure when Template is deployed, it has an Ethernet Access. If it doesn't have one, it will reboot endlessly: https://superuser.com/questions/933754/why-does-windows-10-shut-down-hourly-with-initiated-power-off-on-behalf-of-nt-a | - Make sure when Template is deployed, it has an Ethernet Access. If it doesn't have one, it will reboot endlessly: https://superuser.com/questions/933754/why-does-windows-10-shut-down-hourly-with-initiated-power-off-on-behalf-of-nt-a | ||
+ | |||
+ | |||
* Pfsense: | * Pfsense: | ||
- Ensure VMware Guest tools installed | - Ensure VMware Guest tools installed | ||
Line 60: | Line 66: | ||
* Ensure you take a snapshot of the entire infrastructure after deploying your malware | * Ensure you take a snapshot of the entire infrastructure after deploying your malware | ||
* Manually login to every VM after the red team is done pre-staging. This ensures that everything is still operational, and in addition, it loads a lot of things from disk to memory, which ensures a smoother experience at the start of the competition. | * Manually login to every VM after the red team is done pre-staging. This ensures that everything is still operational, and in addition, it loads a lot of things from disk to memory, which ensures a smoother experience at the start of the competition. | ||
+ | * If the performance of VMs is very slow, try to lower the number of snapshots or use the snapshots that were created are no longer than a day before the competition. | ||
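Review bot: The second half of the added snapshot line does not parse ("use the snapshots that were created are no longer than a day before the competition"), so it is unclear whether the limit applies to how old a snapshot may be or to how long snapshots are kept. Suggest rewording it, for example "or use only snapshots created no more than a day before the competition", and stating how this fits with the full-infrastructure snapshot required two items earlier.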
Line 115: | Line 122: | ||
**Note: %02d just represents a padded 0.** | **Note: %02d just represents a padded 0.** | ||
+ | |||
+ | Aibek to Aibek: PLEASE FIX ANSIBLE RELATIVE PATHING |
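Review bot: The added last line is a personal reminder rather than guide content, and it does not say which ansible paths are relative or what fails because of them. Either describe the problem and its workaround for readers of the guide, or move the reminder to a TODO list or issue tracker.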