guides:lockdown_black_team

guides:lockdown_black_team [2020/04/14 23:13]
aibekzhy python executables
guides:lockdown_black_team [2021/04/27 02:57] (current)
aibekzhy
Line 35: Line 35:
       - Install libselinux-python       - Install libselinux-python
     - Ensure Release of child OSes match supported OS: https://​kb.vmware.com/​s/​article/​1005870     - Ensure Release of child OSes match supported OS: https://​kb.vmware.com/​s/​article/​1005870
 +
 +
   * Windows:   * Windows:
     - VMWare tools     - VMWare tools
Line 44: Line 46:
     - Disable/​Uninstall Windows Defender (Registry/​GPO)     - Disable/​Uninstall Windows Defender (Registry/​GPO)
     - Disable Windows Updates (Registry/​GPO/​Services)     - Disable Windows Updates (Registry/​GPO/​Services)
 +    - Make sure ansible deployment has a unique AD_Name for every host, to avoid hostname collisions
 +    - Allow remote connections to the computer, under "​Remote"​ tab of System Properties
     - Ensure Sleep is disabled     - Ensure Sleep is disabled
     - Try to Debloat as much as possible: https://​github.com/​Sycnex/​Windows10Debloater (Might not worth it)     - Try to Debloat as much as possible: https://​github.com/​Sycnex/​Windows10Debloater (Might not worth it)
 +    - Sometimes windows may start randomly shutting down. In which case please look into the following
 +    - Use High-performance Battery Profile
 +    - Windows 10 Enterprise specific:
 +      - Make sure when Template is deployed, it has an Ethernet Access. If it doesn'​t have one, it will reboot endlessly: https://​superuser.com/​questions/​933754/​why-does-windows-10-shut-down-hourly-with-initiated-power-off-on-behalf-of-nt-a ​
 +
  
   * Pfsense:   * Pfsense:
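Review bot: the item "Sometimes windows may start randomly shutting down. In which case please look into the following" has no target, because "Use High-performance Battery Profile" and the "Windows 10 Enterprise specific" block are added at the same list level rather than nested under it; indent those two entries so the "following" is actually the remedy list. The "Allow remote connections to the computer" step should also say which service it turns on (the Remote tab of System Properties enables Remote Desktop) and whether the Network Level Authentication option is to be left checked, since the line alone does not tell the next person what to set. The superuser.com URL also appears cut off at "nt-a"; verify that the link still resolves before this revision is relied on.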
Line 57: Line 66:
   * Ensure you take a snapshot of the entire infrastructure after deploying your malware   * Ensure you take a snapshot of the entire infrastructure after deploying your malware
   * Manually login to every VM after the red team is done pre-staging. This ensures that everything is still operational,​ and in addition, it loads a lot of things from disk to memory, which ensures a smoother experience at the start of the competition. ​   * Manually login to every VM after the red team is done pre-staging. This ensures that everything is still operational,​ and in addition, it loads a lot of things from disk to memory, which ensures a smoother experience at the start of the competition. ​
 +  * If the performance of VMs is very slow, try to lower the number of snapshots or use the snapshots that were created are no longer than a day before the competition.
  
  
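Review bot: the added sentence is ungrammatical ("use the snapshots that were created are no longer than a day before the competition") and, placed directly after the item that requires a full-infrastructure snapshot after malware deployment, it reads as if that snapshot were a candidate for removal. Suggest: "If VM performance is very slow, reduce the number of snapshots per VM (long snapshot chains slow disk I/O) and keep the post-deployment snapshot, taken no more than a day before the competition, as the one to revert to."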
Line 112: Line 122:
  
 **Note: %02d just represents a padded 0.** **Note: %02d just represents a padded 0.**
 +
 +Aibek to Aibek: PLEASE FIX ANSIBLE RELATIVE PATHING
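Review bot: "Aibek to Aibek: PLEASE FIX ANSIBLE RELATIVE PATHING" is a personal reminder with no detail of what is broken, so a reader of the guide cannot act on it. Either record which playbook or role uses the relative path and what fails when it is run from a different working directory, or move the reminder to a task tracker and keep the guide to actionable steps.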
  • guides/lockdown_black_team.1586905982.txt.gz
  • Last modified: 2020/04/14 23:13
  • by aibekzhy