🏠 Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeiträge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden Überblick über die wichtigsten Aspekte der IT-Sicherheit in einer sich ständig verändernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch übersetzen, erst Englisch auswählen dann wieder Deutsch!

Google Android Playstore Download Button für Team IT Security

800+ IT News als RSS Feed abonnieren

Thema auswählen:

📚 Splunk Attack Range - A Tool That Allows You To Create Vulnerable Instrumented Local Or Cloud Environments To Simulate Attacks Against And Collect The Data Into Splunk

🕛 Zeit seit Veröffentlichung: 1584 Tage, 8 Stunden 51 Minuten
📆 Veröffentlicht am: 11.12.2019 um 21:25 Uhr
💡 Newskategorie: IT Security Nachrichten
🔗 Quelle: feedproxy.google.com

The Attack Range solves two main challenges in development of detections. First, it allows the user to quickly build a small lab infrastructure as close as possible to your production environment. This lab infrastructure contains a Windows Domain Controller, Windows Workstation and Linux server, which comes pre-configured with multiple security tools and logging configuration. The infrastructure comes with a Splunk server collecting multiple log sources from the different servers.
Second, this framework allows the user to perform attack simulation using different engines. Therefore, the user can repeatedly replicate and generate data as close to "ground truth" as possible, in a format that allows the creation of detections, investigations, knowledge objects, and playbooks in Splunk.

Architecture
Attack Range can be used in two different ways:

local using vagrant and virtualbox
in the cloud using terraform and AWS

In order to make Attack Range work on almost every laptop, the local version using Vagrant and Virtualbox consists of a subset of the full-blown cloud infrastructure in AWS using Terraform. The local version consists of a Splunk single instance and a Windows 10 workstation pre-configured with best practice logging configuration according to Splunk. The cloud infrastructure in AWS using Terraform consists of a Windows 10 workstation, a Windows 2016 server and a Splunk server. More information can be found in the wiki

Configuration

Running
Attack Range supports different actions:

Build Attack Range
Perform Attack Simulation
Destroy Attack Range
Stop Attack Range
Resume Attack Range

Build Attack Range

Build Attack Range using Terraform

python attack_range.py -m terraform -a build

Build Attack Range using Vagrant

python attack_range.py -m vagrant -a build

Perform Attack Simulation

Perform Attack Simulation using Terraform

python attack_range.py -m terraform -a simulate -st T1117,T1003 -t attack-range_windows_2016_dc

Perform Attack Simulation using Vagrant

python attack_range.py -m vagrant -a simulate -st T1117,T1003 -t win10

Destroy Attack Range

Destroy Attack Range using Terraform

python attack_range.py -m terraform -a destroy

Destroy Attack Range using Vagrant

python attack_range.py -m vagrant -a destroy

Stop Attack Range

Stop Attack Range using Terraform

python attack_range.py -m terraform -a stop

Stop Attack Range using Vagrant

python attack_range.py -m vagrant -a stop

Resume Attack Range

Resume Attack Range using Terraform

python attack_range.py -m terraform -a resume

Resume Attack Range using Vagrant

python attack_range.py -m vagrant -a resume

Support
Please use the GitHub issue tracker to submit bugs or request features.
If you have questions or need support, you can:

Post a question to Splunk Answers
Join the #security-research room in the Splunk Slack channel
If you are a Splunk Enterprise customer with a valid support entitlement contract and have a Splunk-related question, you can also open a support case on the https://www.splunk.com/ support portal

Author

Jose Hernandez

Contributors

Rod Soto
Bhavin Patel
Patrick Bareiß
Russ Nolen
Phil Royer

Acknowledgements

DetectionLab
Atomic Red team
Sysmon configuration

Download Attack_Range

...

Sharing is caring on Social Media

Join the Team IT Security Community

📌 Splunk Attack Range - A Tool That Allows You To Create Vulnerable Instrumented Local Or Cloud Environments To Simulate Attacks Against And Collect The Data Into Splunk

🕛 1583 Tage, 2 Stunden 15 Minuten
📆 11.12.2019 um 21:25 Uhr
📈 195.92 Punkte

📌 Data privacy: Collect what you need, protect what you collect

🕛 620 Tage, 16 Stunden 59 Minuten
📆 01.08.2022 um 11:00 Uhr
📈 42.44 Punkte

📌 Data privacy: Collect what you need, protect what you collect

🕛 620 Tage, 16 Stunden 59 Minuten
📆 01.08.2022 um 11:00 Uhr
📈 42.44 Punkte

📌 Vulnerable-AD - Create A Vulnerable Active Directory That'S Allowing You To Test Most Of Active Directory Attacks In Local Lab

🕛 1323 Tage, 5 Stunden 59 Minuten
📆 28.08.2020 um 23:30 Uhr
📈 41.63 Punkte

📌 Security In 5: Episode 250 - Apple Now Allows You To See The Data They Collect On You

🕛 2142 Tage, 14 Stunden 15 Minuten
📆 01.06.2018 um 15:07 Uhr
📈 36.83 Punkte

📌 MS Edge now allows you to simulate dark, light, high contrast mode, blurred vision and colour deficiencies in Device Emulation

🕛 350 Tage, 14 Stunden 54 Minuten
📆 28.04.2023 um 15:10 Uhr
📈 36.38 Punkte

📌 CVE-2022-43572 | Splunk Enterprise up to 8.1.11/8.2.8/9.0.1 Splunk-to-Splunk Collector/HTTP Event Collector resource consumption (svd-2022-1111)

🕛 494 Tage, 23 Stunden 25 Minuten
📆 05.12.2022 um 06:08 Uhr
📈 36.21 Punkte

📌 Test, Test & Test Again - Are Your Safety Instrumented Systems Cybersecure?

🕛 2229 Tage, 14 Stunden 0 Minuten
📆 06.03.2018 um 15:55 Uhr
📈 35.31 Punkte

📌 Low CVE-2022-1933: Collect and deliver interface for woocommerce project Collect and deliver interface for woocommerce

🕛 634 Tage, 14 Stunden 0 Minuten
📆 17.07.2022 um 14:30 Uhr
📈 34.76 Punkte

📌 QRExfiltrate - Tool That Allows You To Convert Any Binary File Into A QRcode Movie. The Data Can Then Be Reassembled Visually Allowing Exfiltration Of Data In Air Gapped Systems

🕛 384 Tage, 16 Stunden 41 Minuten
📆 25.03.2023 um 12:30 Uhr
📈 32.27 Punkte

📌 EvilNet - Network Attack Wifi Attack Vlan Attack Arp Attack Mac Attack Attack Revealed Etc...

🕛 1383 Tage, 14 Stunden 59 Minuten
📆 29.06.2020 um 14:30 Uhr
📈 32.16 Punkte

📌 Alexa, are you listening? The Amazon Echo is vulnerable to a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering.

🕛 1522 Tage, 23 Stunden 30 Minuten
📆 11.02.2020 um 05:53 Uhr
📈 30.41 Punkte

📌 Splunk announces platform updates to address the complexities of multi-cloud and hybrid environments

🕛 667 Tage, 23 Stunden 12 Minuten
📆 15.06.2022 um 04:10 Uhr
📈 30.1 Punkte

📌 If you have to simulate a phishing attack on your org, at least try to get something useful from it

🕛 2053 Tage, 17 Stunden 45 Minuten
📆 29.08.2018 um 11:22 Uhr
📈 29.96 Punkte

📌 Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook's GraphQL Technology, To Learn And Practice GraphQL Security

🕛 1153 Tage, 17 Stunden 30 Minuten
📆 14.02.2021 um 12:30 Uhr
📈 29.76 Punkte

📌 Weave Scope is now being exploited in attacks against cloud environments

🕛 1311 Tage, 15 Stunden 45 Minuten
📆 09.09.2020 um 12:58 Uhr
📈 29.17 Punkte

📌 Cado varc allows security professionals to collect a snapshot of volatile data

🕛 541 Tage, 0 Stunden 59 Minuten
📆 20.10.2022 um 04:30 Uhr
📈 28.94 Punkte

📌 Automatic API Attack Tool - Customizable API Attack Tool Takes An API Specification As An Input, Generates And Runs Attacks That Are Based On It As An Output

🕛 1576 Tage, 8 Stunden 29 Minuten
📆 19.12.2019 um 21:30 Uhr
📈 28.81 Punkte

📌 GATOR - GCP Attack Toolkit For Offensive Research, A Tool Designed To Aid In Research And Exploiting Google Cloud Environments

🕛 172 Tage, 11 Stunden 12 Minuten
📆 23.10.2023 um 19:45 Uhr
📈 28.77 Punkte

📌 Now AWS will let you simulate entire cities in the cloud

🕛 499 Tage, 13 Stunden 25 Minuten
📆 30.11.2022 um 16:10 Uhr
📈 28.49 Punkte

📌 Meet ToolEmu: An Artificial Intelligence Framework that Uses a Language Model to Emulate Tool Execution and Enables the Testing of Language Model Agents Against a Diverse Range of Tools and Scenarios Without Manual Instantiation

🕛 78 Tage, 9 Stunden 22 Minuten
📆 25.01.2024 um 20:44 Uhr
📈 28.49 Punkte

📌 Cloud Security Alliance Study Identifies New And Unique Security Challenges In Native Cloud, Hybrid And Multi-cloud Environments

🕛 1788 Tage, 3 Stunden 59 Minuten
📆 22.05.2019 um 01:14 Uhr
📈 27.6 Punkte

📌 Node.js: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding)

🕛 57 Tage, 9 Stunden 36 Minuten
📆 01.12.2023 um 15:31 Uhr
📈 27.42 Punkte

📌 Meet xTuring: An Open-Source Tool That Allows You to Create Your Own Large Language Model (LLMs) With Only Three Lines of Code

🕛 378 Tage, 19 Stunden 56 Minuten
📆 31.03.2023 um 10:13 Uhr
📈 26.76 Punkte

📌 Jackdaw - Tool To Collect All Information In Your Domain And Show You Nice Graphs

🕛 1470 Tage, 15 Stunden 44 Minuten
📆 03.04.2020 um 13:30 Uhr
📈 26.71 Punkte

📌 This is How You Simulate Making Pasta (and Soba) ?

🕛 1662 Tage, 12 Stunden 44 Minuten
📆 24.09.2019 um 17:26 Uhr
📈 26.39 Punkte

📌 If you want to remap your keyboard keys or mouse buttons to certain keys, use "Input Remapper" by sezanzeb. It's VERY simple, it has a GUI, and it just WORKS. I just have set a certain shortcut to simulate a keyboard key, works well.

🕛 461 Tage, 15 Stunden 15 Minuten
📆 07.01.2023 um 13:51 Uhr
📈 26.39 Punkte

📌 RoboDroid: Manage (and soon deploy) Android machines with pre-defined behaviors for Cyber Range environments.

🕛 364 Tage, 12 Stunden 26 Minuten
📆 14.04.2023 um 17:36 Uhr
📈 26.31 Punkte