Caldera for OT Plugin

Primary language: C. License: Apache License 2.0.

Caldera for OT plugin: BACnet

A Caldera for OT plugin supplying Caldera with BACnet protocol TTPs. This is part of a series of plugins that provide added threat emulation capability for Operational Technology (OT) environments.

Full BACnet plugin documentation can be viewed as part of fieldmanual, once the Caldera server is running.

Installation

To run Caldera along with the BACnet plugin:

  1. Download Caldera as detailed in the Installation Guide
  2. Install the bacnet plugin in Caldera's plugin directory: caldera/plugins
  3. Enable the bacnet plugin by adding - bacnet to the list of enabled plugins in conf/local.yml or conf/default.yml (if running Caldera in insecure mode)

Version

This plugin is compatible with the current version of Caldera v4.1.0 as of 26 Jan 2023. This can be checked out using the following method:

git clone --recursive https://github.com/mitre/caldera.git

Tested OS Versions for Plugin Payload(s)

Building of the BACnet plugin payloads has been tested as described here. See the corresponding plugin payload source code for further build information.

Testing of the binaries has occurred on:

  • Microsoft Windows 10 v21H2
  • Ubuntu 22.04.2 LTS

Plugin Usage

  • Import the plugin, and optionally set up the required facts (e.g., the fact sources provided).
  • Start an operation, optionally using the fact source you set up.
  • Use "Add Potential Link" to run a specific ability from this plugin. You can enter the fact values manually, or use the ones from your fact source.

Sources contains a small example fact set and the fieldmanual documentation contains a reference section on BACnet sources.