For this lab, you'll need:
- Ubuntu 22.04
- I suggest running the VMs locally in VMware Player and making sure the network adapters are in bridged mode.
- Windows 10 VM
Lab Objectives:
- Learn to use the Caldera framework as a tool to maintain persistence post-compromise.
- Learn about the MITRE ATT&CK Framework.
- Learn about the Cyber Kill Chain.
- Learn about data exfiltration techniques.
- Learn about PowerShell.
One of the concepts every cybersecurity professional is familiar with is the MITRE ATT&CK Framework. It describes all the TTPs (Tactics, Techniques, and Procedures) that adversaries can utilize against target infrastructure.
We'll be using the Caldera attack platform to automate the exploitation process. The nice thing about Caldera is that MITRE developed it to align with the ATT&CK framework. Trying to grasp all the TTPs outlined in the MITRE ATT&CK framework can be overwhelming because of the multitude of definitions and relationships within the various matrices. With Caldera, however, you can execute multiple attacks and explore each one's inner workings, gaining insight into the factors that render an operating system vulnerable.
Caldera can be found on GitHub, and the documentation can be found here. (It's suggested that as we move through this unit, you refer to the documentation and watch people use it on YouTube when you have questions or want to learn more. We're just going to scratch the surface in this lab.)
We’ll need to install git first:
apt install git
Clone the Caldera repository:
- This one takes a minute to complete.
- We’ll use branch 4.2.0 because the newest branch, 5.0.0, appears to be broken.
git clone https://github.com/mitre/caldera.git --recursive --branch 4.2.0
cd caldera
We’ll need to install python3-pip and utilize the requirements.txt file to install all the required dependencies.
apt install python3-pip
pip3 install -r requirements.txt
Note: the pip3 install -r requirements.txt pattern above is very common when deploying Python frameworks found on GitHub.
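As an added example (my own helper, not part of the lab or the Caldera project): a small POSIX shell script to run after the clone and before the pip3 install step. It lists the entries in a requirements.txt that are not pinned to an exact version, so you know which packages can silently change between installs, and it checks that the clone is actually on the 4.2.0 branch. The requirements file below is constructed for illustration and is not Caldera's real requirements.txt; the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the lab or from Caldera.

# Print every requirement that is not pinned with "==".
# Comment lines, blank lines and option lines (-r, -e, --index-url ...) are
# skipped; a trailing "# comment" on a requirement line is stripped first.
unpinned_requirements() {
    req_file="$1"
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' -e '^[[:space:]]*-' "$req_file" \
      | sed 's/[[:space:]]*#.*$//' \
      | grep -v '==' || true
}

# Number of unpinned requirements, for a go/no-go decision in a script.
unpinned_count() {
    unpinned_requirements "$1" | grep -c . || true
}

# Return 0 when the git checkout in $1 is on the branch named in $2
# (for the lab: verify_checkout caldera 4.2.0).
verify_checkout() {
    [ "$(git -C "$1" rev-parse --abbrev-ref HEAD 2>/dev/null)" = "$2" ]
}

# Constructed sample file: three pinned entries, two unpinned.
SAMPLE_REQ="${TMPDIR:-/tmp}/sample-requirements.$$.txt"
cat > "$SAMPLE_REQ" <<'EOF'
# constructed sample, not Caldera's requirements.txt
aiohttp==3.8.1
cryptography>=36.0
pyyaml
markupsafe==2.1.1   # trailing comment
-r extra.txt
EOF

echo "Unpinned requirements in $SAMPLE_REQ:"
unpinned_requirements "$SAMPLE_REQ"
# prints: cryptography>=36.0 and pyyaml
```

Run the two helpers against the real checkout before pip3 install: the unpinned list tells you what to review or pin, and a failed branch check means the clone is not the release the lab expects.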