Breach Attack Simulation - Starting With OpenBAS

Caldera has been in market for years, I have never tried it. I saw OpenBAS on my recommended lists in Github so I thought I might give it a try

Installation

Since I have my docker server running I used that. There are ways to install it directly as well, I didn't go through it.

I followed steps as per the docs

mkdir -p ~/openBAS && cd ~/openBAS
git clone https://github.com/OpenBAS-Platform/docker.git .

Changing Environment Variables

I did nothing in this regard. This was a local test for me. I just followed the installation guide and ran the following commands

mv .env.sample .env
export $(cat .env | grep -v "#" | xargs)

Starting the docker

When I tried

docker-compose up -d

It gave me an error that the file rabbitmq.conf should have the full path.

It seems like a simple fix in the docker-compose.yml file. Find the section about RabbitMQ and change the source to include a full path or a ./

rabbitmq:
    image: rabbitmq:4.0-management
    environment:
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}
      - RABBITMQ_NODENAME=rabbit01@localhost
    volumes:
      - type: bind
        source: ./rabbitmq.conf #Fix This Line 
        target: /etc/rabbitmq/rabbitmq.conf
      - amqpdata:/var/lib/rabbitmq
    restart: always

After fixing the docker-compose.yml file. The docker-compose up -d command was successful. After a few minutes, the system was ready and I could reach the platform web UI at http://localhost:8080

The credentials were supplied in the .env file. I used that to log in.

Platform

The platform was nice and very intuitive to me. There is a 3 min short video of OpenBAS as well.

Installing the agent

The agent installation is a breeze. Click the top right button and follow the instructions

The next step is to run the agent as an admin and non-admin user. I leave that as an exercise to the reader. I am sure the reader of this blog post knows how to run a bunch of Powershell commands as an admin and non-admin user.

Creating a Scenario

Use the Scenarios button to list or create a scenario

For creating a scenario, use the bottom right bottom and provide details as follows

I was only interested in running some tactics through my agent first. My larger goal would be to import tactics and run them for a specific threat group. I'll try that in a later post. For now, just running some tactics would be fine.

After creating the scenario, click on injects and import the tactics you want to run. For sampling, I imported a few injects related to process injection

To add an inject, click on inject and click create

Once you have the injects that you want, you will see something like this in your injects tab of the scenario you created.

Now lets change the missing content status to enabled. click update

Now Add the missing content.

Once done, your TTP should be enabled. Now let's click Launch

In a few moments, you will see the results

Final Thoughts

Looks pretty awesome at first glance. Will explore how to integrate with OpenCTI to include scenarios.

References

PreviousSelf-Hosting Havoc C2 / or any other C2 in Docker NextSetting Up OPENVAS in KALI 2020.3

Last updated 2 months ago

Was this helpful?