For research of defensive security techniques it is vital to have realistic and up-to-date adversarial data/behavior.
The goal is to manage several pods in a sandboxed environment (i.e. Kubernetes cluster) with an adversary and a target application. The adversary should be capable of performing several different adversarial techniques either from a single point or by spawning several other helper pods on a target system. The main focus is not on the types of attack, but managing the two parties in the environment by monitoring the environment and allowing simple interaction with the parties. Depending on the used adversary (research necessary; either use existing tools or 'simple' replays of previously captured raw network traffic) can it be controlled either via a dedicated web interface or via a general dashboard of the sandboxed environment.
- Setup Kubernetes environment
- Put tooling for observation of the battlefield in place (Istio + Kiali?)
- Setup adversary (e.g. Caldera, Infection Monkey, Atomic Red Team, custom application, ...)
- Configure attack pattern(s)
-
add scaling mechanism to spawn additional attacking pods
- Setup target application (OWASP Juice Shop)
- Install istioctl https://istio.io/docs/setup/getting-started/#download
- Checkout repository
- Start cluster (or use a local minikube cluster)
./start_minik.sh
- Install istio on the cluster
./kiali_init_setup.sh
-
!!!Prep/Install Kiali Kiali Setup. You need to add the Kiali Credentials!
-
Start Services / configure Network
./setup.sh
As soon as the environment is set up the clients (i.e. frigates) will connect to the CnC server using a RAT they come equipped with. Once the clients are connected, an operation can be started using the Caldera webinterface. which can be reached at For this:
- navigate to the Caldera webinterface (
minikube ipand port 32700) - open the Operations view under the Campaign tab
- plan a new operation by clicking on
VIEWto switch toAddmode Startoperation