# Breach Attack Simulation - Starting With OpenBAS

## Installation

Since I already had my Docker server running, I used that. There are ways to install it directly as well, but I didn't go through them.

I followed the steps in the docs:

```
mkdir -p ~/openBAS && cd ~/openBAS
git clone https://github.com/OpenBAS-Platform/docker.git .
```

### Changing Environment Variables

I did nothing in this regard; this was a local test for me. I just followed the installation guide and ran the following commands:

```
mv .env.sample .env
export $(cat .env | grep -v "#" | xargs)
```

### Starting Docker

When I tried

```
docker-compose up -d
```

it gave me an error saying that the file *rabbitmq.conf* should have the full path.

It is a simple fix in the *docker-compose.yml* file: find the RabbitMQ section and change the bind-mount `source` to a full path, or prefix it with `./` so that Compose resolves it relative to the project directory.

```
  rabbitmq:
    image: rabbitmq:4.0-management
    environment:
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}
      - RABBITMQ_NODENAME=rabbit01@localhost
    volumes:
      - type: bind
        source: ./rabbitmq.conf # Fix this line
        target: /etc/rabbitmq/rabbitmq.conf
      - amqpdata:/var/lib/rabbitmq
    restart: always
```

After fixing the docker-compose.yml file, the `docker-compose up -d` command was successful. After a few minutes the system was ready and I could reach the platform web UI at `http://localhost:8080`.
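Two of the steps above are fragile: the `export $(cat .env | grep -v "#" | xargs)` one-liner word-splits any value containing a space and silently drops every line containing a `#` (a password with a `#` in it, for instance), and a bare `source: rabbitmq.conf` fails until it is made a path. The following pre-flight helpers are an added example, not part of the OpenBAS docs or repository; the file paths are assumptions.

```shell
#!/usr/bin/env sh
# Added pre-flight helpers for the two fragile install steps above (not from
# the OpenBAS docs or repo). File paths are assumptions.

# Load KEY=VALUE lines from a .env file by sourcing it with auto-export.
# Unlike the xargs one-liner this keeps quoted values with spaces intact and
# keeps lines whose value contains a '#'.
load_env() {
  env_file="${1:-.env}"
  case "$env_file" in
    */*) ;;                        # contains a slash, safe to source directly
    *)   env_file="./$env_file" ;; # `.` searches PATH for a bare name in POSIX sh
  esac
  set -a                           # auto-export every variable assigned below
  # shellcheck disable=SC1090
  . "$env_file"
  set +a
}

# Return 0 if the rabbitmq.conf bind-mount source is a form Compose accepts
# (absolute, or relative to the project dir via ./ or ~), 1 otherwise.
check_rabbitmq_bind() {
  compose_file="${1:-docker-compose.yml}"
  src=$(grep -E '^[[:space:]]*source:.*rabbitmq\.conf' "$compose_file" | head -n 1 \
        | sed -E 's/^[[:space:]]*source:[[:space:]]*//; s/[[:space:]]*#.*$//')
  case "$src" in
    /*|./*|~*) return 0 ;;
    *)         return 1 ;;
  esac
}

# Rewrite a bare `source: rabbitmq.conf` to `source: ./rabbitmq.conf`, the
# same fix applied by hand above. Portable: avoids `sed -i`.
fix_rabbitmq_bind() {
  compose_file="${1:-docker-compose.yml}"
  sed -E 's#^([[:space:]]*source:[[:space:]]*)rabbitmq\.conf#\1./rabbitmq.conf#' \
      "$compose_file" > "$compose_file.tmp" && mv "$compose_file.tmp" "$compose_file"
}

# Usage: sh preflight.sh docker-compose.yml [.env]
if [ -n "${1:-}" ]; then
  load_env "${2:-.env}"
  check_rabbitmq_bind "$1" || { echo "fixing rabbitmq.conf bind source in $1"; fix_rabbitmq_bind "$1"; }
fi
```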

### Login

The credentials were supplied in the `.env` file. I used those to log in.

### Platform

The platform was nice and very intuitive to me. There is also a short (3 min) introductory video on OpenBAS:

{% embed url="https://www.youtube.com/watch?v=FJgceyZoY1g" %}

### Installing the agent

The agent installation is a breeze. Click the top right button and follow the instructions:

<figure><img src="/files/HhuhWRT3jI6SbwY5ZZnB" alt=""><figcaption></figcaption></figure>

The next step is to run the agent as an admin and as a non-admin user. I leave that as an exercise to the reader. I am sure the reader of this blog post knows how to run a bunch of PowerShell commands as an admin and non-admin user.

### Creating a Scenario

Use the Scenarios button to list or create a scenario:

<figure><img src="/files/1m6Y5qeF4B5tAZojyfFz" alt=""><figcaption></figcaption></figure>

To create a scenario, use the bottom right button and provide details as follows:

<figure><img src="/files/7SIJr1WEqAuYhrWzR3yv" alt=""><figcaption></figcaption></figure>

I was only interested in running some tactics through my agent first. My larger goal would be to import tactics and run them for a specific threat group. I'll try that in a later post. For now, just running some tactics would be fine.

After creating the scenario, click on Injects and import the tactics you want to run. As a sample, I imported a few injects related to process injection:

<figure><img src="/files/DuOUHVDwyhn2RvMxhcAH" alt=""><figcaption></figcaption></figure>

To add an inject, click on Injects and then Create:

<figure><img src="/files/pVfKibUKClCVRIXdzZNA" alt=""><figcaption></figcaption></figure>

Once you have the injects that you want, you will see something like this in the Injects tab of the scenario you created:

<figure><img src="/files/CYys25UeTKvyIdWsmz4I" alt=""><figcaption></figcaption></figure>

Now let's change the "missing content" status to enabled: click Update.

<figure><img src="/files/YW9WCW2VqYblMD6ha42G" alt=""><figcaption></figcaption></figure>

Now add the missing content:

<figure><img src="/files/GbsEftHJVaWgGHgUFcHv" alt=""><figcaption></figcaption></figure>

Once done, your TTP should be enabled. Now let's click Launch:

<figure><img src="/files/HDEtXd4U54tlbYMqhguU" alt=""><figcaption></figcaption></figure>

In a few moments, you will see the results:

<figure><img src="/files/WsbhVZ5b0HVc1acDuCHa" alt=""><figcaption></figcaption></figure>

### Final Thoughts

It looks pretty awesome at first glance. Next I will explore how to integrate it with OpenCTI to include scenarios.

### References

{% embed url="https://github.com/OpenBAS-Platform/openbas" %}

{% embed url="https://docs.openbas.io/latest/" %}
