RedHunt - Adversary Emulation & Intelligence
There are lots of security tools for pentesters. I’ve already worked with Social Engineering Toolkit (SET), Metasploit and many other security tools included in Kali Linux. However, I would like to write about RedHunt in this post. This is an useful operating system for threat emulation and threat hunting which help us to know how secure is our environment. Actually, RedHunt is based on Lubuntu and security tools such as Caldera, Atomic Red Team, DumpsterFire or Metta are included. I’ll write about them.
Caldera is an emulation system which uses an agent in each system we want to know how secure it is. This agent runs commands in the infrastructure as it were an adversary. The results are sent to Caldera where we can see successful attacks. The new version, Caldera 2.0, added the chain mode, as well as the adversary mode, which allow us to orchestrate atomic unit tests into larger attack sequences. I think it is an interesting tool to execute attacks against servers to know the security of the IT infrastructure.
Atomic Red Team is another tool included in RedHunt, like Caldera, to execute simple “atomic tests” which is useful for red teams to know how secure is the infrastructure. There are no agents and we can execute scripts against servers to test security controls. It’s an interesting tool to know what attacks we can detect and what attacks we can not detect. In addition, it’s easy to run a test due to the fact that five minutes are enough to execute an “atomic test” with this tool. Therefore, Atomic Red Team is a good library of simple tests to emulate adversaries.
|Atomic Red Team|
RedHunt is full of security tools. If you want a tool for scheduling tasks such as visiting various hacking Websites, downloading a few common hacking tools and scanning the local network, DumpsterFire is your tool. This tool help us to schedule tasks as it were run by a human. For instance, we can open an URL session at 2 PM, wait for 60 seconds, and open another URL session or execute an script. What’s more, there are already Fires or event modules configured in this tool although we can also configure and develop our own.
Another tool for adversarial simulation is Metta. This security tool is similar to Atomic Red Team where we can test hosts and networks to know if security systems detect attacks. Metta parses a yaml file where we write a list of “actions” which are run one at a time without manual interaction. In addition, Metta does log all output to a json file and to a simple HTML log, which is useful to incorporate the results in a framework for reporting.
I think RedHunt is an interesting virtual machine where we have many security tools to emulate adversaries. It has many tools, useful for red teams and blue teams, which can be run against servers and networks to know how secure is the IT infrastructure.
Regards my friends. Keep learning and test your IT infrastructure as if you were a real adversary.