About The Repository
Usage
Add New Account
To Continue Working
Deploy a Mitre Caldera laboratory to pass Red Team tests on the different cloud providers and subscriptions on the same cloud.
This repository is still under development, remaining to install Windows machine using Ansible on AWS, and deploy and install con Azure.
Currently, it deploys a Caldera server and a Linux host with the Qualys agent installed on both machines. And Windows machine, on AWS, installed with "user data" functionality, and Azure without installing anything. This is done using a pipeline for deployment and another one for destruction, to minimize costs once the tests are finished. It also has an additional pipeline to generate a basic Ubuntu 22.04 image with Packer, in case it is necessary to use custom images. These pipelines are built with GitHub Actions and all confidential information are stored as secrets inside this repository.
The infrastructure is generated and destroy, using Terraform. Caldera software and agents are installed using separate Ansible modules.
All code has been made as modular as possible with the intention of being reusable in other projects.
Usage of the repository.
- Click on the Actions tab -> Deploy infrastructure workflow.
- Select the cloud and the account where you want to deploy the lab, (if it does not appears read the add new account section) and click on "Run workflow".
- Wait until deployment is complete.
- Select the "deploy-caldera-hosts" job -> deploy the "Terraform apply" task and from the outputs get the information
to connect to the lab.
- Click on the Actions tab -> destroy infrastructure.
- Select the cloud and the account where you want to destroy the lab and click on "Run workflow".
- Wait until the pipeline is done for the lab was being destroyed.
To add a new account in which to deploy the laboratory, first, you would choose a short name that uniquely identifies the account, only alphanumeric characters are allowed.
Doing that appears as an option in the drop-down menu, to do so:
- In the repository, in the code tab -> .github -> workflows.
- Open the "deploy_infrastructure.yaml" file -> edit it.
- In the file go to, "on:" -> "workflow_dispatch:" -> "inputs:" -> "account:" -> "options:", add preceded by a hyphen
and respecting the indentation, the name of the account to add.
- On the right side click on "Start commit", add a title and a description and upload the changes with "Commit changes".
- Repeat steps 2 to 4 with the file "destroy_infrastructure.yaml".
Next, must be added the credentials and sensitive data to be used to the deployment.
The cloud data requirements are:
- For Azure, the Service Principal, must have the client id (ID), client secret (SECRET), subscription id. (SUBSCRIPTION), and tenant id (TENANT).
- For AWS the client id (ID) and the access key (KEY).
Add the relevant secrets (sub-section add secret) of the cloud on what you want to deploy, following this nomenclature of name and all in capital letters, "". For example for the DETECT Azure account, you have to create 4 secrets:
- AZURE_DETECT_CLIENT, with the client id.
- AZURE_DETECT_SECRET, with client secret
- AZURE_DETECT_SUBSCRIPTION, with the subscription id
- AZURE_DETECT_TENANT, with the tenant id
And for the same account but in AWS:
- AWS_DETECT_ID, with the client id
- AWS_DETECT_KEY, with the access key
Another sensitive data to provide is the license for the Qualys agent, for this, a secret is created
(sub-section add secret), with the nomenclature of name, "<ACCOUNTNAME_QUALYS>", the secret must
have the following structure, "ActivationId=xxxx CustomerId=xxxxxx", all in the same secret and leaving
a space between the Activation Id and the Customer Id.
- Go to the "Settings" tab of the repository -> Secrets -> Actions.
- Click on "New repository secret", for the name follow the agreed nomenclature.
- Click on "Add secret"
A list future task:
- Install Windows machine using Ansible modules for AWS.
- Deploy and install Windows machine using Ansible modules for Azure.