{"id":6833,"date":"2022-05-28T22:53:38","date_gmt":"2022-05-28T20:53:38","guid":{"rendered":"http:\/\/dcg420.org\/?p=6833"},"modified":"2022-05-28T23:31:39","modified_gmt":"2022-05-28T21:31:39","slug":"howto_vectr_setup","status":"publish","type":"post","link":"https:\/\/dcg420.org\/en\/howto_vectr_setup\/","title":{"rendered":"Jak nastavit VECTR pro Purple teaming (Adversary emulation)"},"content":{"rendered":"

Pro sledov\u00e1n\u00ed kampan\u00ed Red team a Blue team v r\u00e1mci Purple teaming, jejich hodnocen\u00ed, a p\u0159edev\u0161\u00edm pak pro hodnocen\u00ed p\u0159ipravenosti samotn\u00fdch proces\u016f, lid\u00ed a n\u00e1stroj\u016f je velmi d\u016fle\u017eit\u00e9 ve\u0161ker\u00e9 souvisej\u00edc\u00ed \u010dinnosti dokumentovat. Pr\u00e1v\u011b k tomuto \u00fa\u010delu slou\u017e\u00ed n\u00e1stroj VECTR od spole\u010dnosti SRA<\/a><\/strong>. Nicm\u00e9n\u011b jak pozn\u00e1te pozd\u011bji nejde pouze jenom o pasivn\u00ed tool zaznamen\u00e1vaj\u00edc\u00ed postup va\u0161ich t\u00fdm\u016f, ale jde tak\u00e9 o postupn\u011b rozv\u00edjej\u00edc\u00ed se automatizovan\u00fd test framework (a\u010d je zat\u00edm v\u00a0plenk\u00e1ch).<\/p>\n

<\/p>\n

 <\/p>\n

Instalace a n\u00e1sledn\u00e9 nastaven\u00ed n\u00e1stroje VECTR je velmi jednoduch\u00e9 a \u010dasov\u011b nen\u00e1ro\u010dn\u00e9. Klidn\u011b m\u016f\u017eeme konstatovat, \u017ee od \u010dist\u00e9 instalace Ubuntu, na kterou budeme VECTR p\u0159id\u00e1vat, to zvl\u00e1dnete za n\u011bkolik minut.<\/p>\n

Po\u017eadavky:
\n1x Ubuntu<\/strong> server<\/strong> \u2013 Doporu\u010den\u00e1<\/strong> konfigurace 6 CPU<\/strong> and 16 GB RAM<\/strong>, ale pro testov\u00e1n\u00ed vysta\u010d\u00edte s\u00a02 CPU<\/strong> and 4 GB RAM<\/strong>.<\/p>\n

 <\/p>\n

Postup:<\/strong><\/p>\n

Pokud m\u00e1te instalov\u00e1n Ubuntu server 20.04 nebo vy\u0161\u0161\u00ed, jedin\u00fd p\u0159\u00edkaz, kter\u00fd budete pot\u0159ebovat je:<\/p>\n

$ sudo apt-get install docker.io docker-compose unzip<\/strong><\/p>\n

Vytvo\u0159te slo\u017eku pro VECTR a st\u00e1hn\u011bte z\u00a0githubu posledn\u00ed repo:<\/p>\n

$ mkdir -p \/opt\/vectr<\/strong><\/p>\n

$ cd \/opt\/vectr<\/strong><\/p>\n

$ wget https:\/\/github.com\/SecurityRiskAdvisors\/VECTR\/releases\/download\/ce-8.3.2\/sra-vectr-runtime-8.3.2-ce.zip -P \/opt\/vectr<\/strong><\/p>\n

$ unzip sra-vectr-runtime-8.3.2-ce.zip<\/strong><\/p>\n

Verze se samoz\u0159ejm\u011b m\u016f\u017ee li\u0161it podle toho, kdy tento postup \u010dtete, zkontrolujte si proto posledn\u00ed dostupnou verzi na:<\/p>\n

Releases \u00b7 SecurityRiskAdvisors\/VECTR (github.com)<\/a><\/strong><\/p>\n

 <\/p>\n

P\u0159ed samotn\u00fdm spu\u0161t\u011bn\u00edm docker compose je nutn\u00e9 je\u0161t\u011b editovat env soubor:<\/p>\n

$ sudo nano .env<\/strong><\/p>\n

\"\"<\/p>\n

Soubor upravte dle va\u0161eho prost\u0159ed\u00ed, aby VECTR fungoval existuje pouze jedin\u00e1 podm\u00ednka, a to zm\u011bna hostname, kdy m\u016f\u017eete samoz\u0159ejm\u011b klidn\u011b pou\u017e\u00edt i IP adresu. Doporu\u010dujeme zm\u011bnit i dal\u0161\u00ed \u00fadaje zvl\u00e1\u0161t\u011b pokud p\u0159esunujete VECTR do produkce.<\/p>\n

Te\u010f ji\u017e m\u016f\u017eete sm\u011ble zadat compose p\u0159\u00edkaz:<\/p>\n

$ sudo docker-compose up -d<\/strong><\/p>\n

Uveden\u00fd p\u0159\u00edkaz st\u00e1hne ve\u0161ker\u00e9 nutn\u00e9 dockers a nastartuje je. Vy tak m\u016f\u017eete vyrazit na adresu, kterou jste uvedli v\u00a0env konfigura\u010dn\u00edm souboru.<\/p>\n

\"\"<\/p>\n

Pro prvn\u00ed p\u0159ihl\u00e1\u0161en\u00ed pou\u017eijte defaultn\u00ed \u00fadaje:<\/p>\n

Username: <\/strong>admin<\/p>\n

Password: 11_ThisIsTheFirstPassword_11<\/strong><\/p>\n

 <\/p>\n

Po p\u0159ihl\u00e1\u0161en\u00ed proklikejte pr\u016fvodce a seznamte se se z\u00e1kladn\u00edmi operacemi v n\u00e1stroji VECTR. A\u017e budete m\u00edt naklik\u00e1no, tak zjist\u00edte, \u017ee krom\u011b n\u011bkolika modelov\u00fdch p\u0159\u00edklad\u016f je ve VECTR celkem smutno, a proto je ide\u00e1ln\u00edm \u0159e\u0161en\u00edm\u2026<\/strong><\/p>\n

<\/p>\n

 <\/p>\n

Import MITRE CTI <\/strong><\/p>\n

Ve VECTR nen\u00ed snad nic jednodu\u0161\u0161\u00edho a postup je proto velmi jednoduch\u00fd:<\/p>\n

    \n
  1. Jd\u011bte na MITRE CTI<\/strong><\/a> \u2013 mrkn\u011bte co tam v\u0161echno m\u016f\u017eete naj\u00edt, nebo rovnou:<\/li>\n
  2. St\u00e1hn\u011bte si soubor Enterprise ATT&CK<\/strong><\/a>.<\/li>\n
  3. V\u00a0n\u00e1stroji VECTR jd\u011bte do Administration<\/strong> \u2013 Import Data<\/strong> \u2013 File Import.<\/strong><\/li>\n<\/ol>\n

    \"\"<\/p>\n

    4. P\u0159et\u00e1hn\u011bte sta\u017een\u00fd soubor do sekce Drag & Drop your files or Browse<\/strong> nebo na tuto oblast jednodu\u0161e klikn\u011bte a vyberte sta\u017een\u00fd soubor v klasick\u00e9m dialogu.<\/p>\n

    5. Potom co se dokon\u010d\u00ed nahr\u00e1v\u00e1n\u00ed do VECTR, klikn\u011bte na Submit<\/strong>, aby do\u0161lo k nata\u017een\u00ed ve\u0161ker\u00fdch informac\u00ed o APT skupin\u00e1ch, n\u00e1stroj\u00edch TTP atd.<\/p>\n

    6. Ze zobrazen\u00e9ho seznamu si vyberte, co chcete importovat do VECTR, pokud importujete cel\u00fd soubor bude pro v\u00e1s ve\u0161ker\u00fd obsah k dispozici i pro pozd\u011bj\u0161\u00ed testov\u00e1n\u00ed.<\/p>\n

    7. Po importu je mo\u017en\u00e9 spustit novou kampa\u0148 jednodu\u0161e kliknut\u00edm v\u00a0lev\u00e9m menu na Assessment<\/strong> \u2013 velk\u00e9 tla\u010d\u00edtko Create new<\/strong>.<\/p>\n

    \"\"<\/p>\n

    8. Dejte svoj\u00ed kampani jm\u00e9no a p\u0159idejte podrobn\u00fd popis, pokud chcete. D\u016fle\u017eit\u00e9 je zvolit pod organization\u00a0<\/strong>MITRE<\/strong>, aby se v\u00e1m zkr\u00e1til seznam dostupn\u00fdch kampan\u00ed. Zvolte kampa\u0148<\/strong> a klikn\u011bte Save<\/strong>.<\/p>\n

    \"\"<\/p>\n

    9. V\u00e1\u0161 assessment se objev\u00ed v\u00a0p\u0159ehledu, po kliknut\u00ed na kampa\u0148<\/strong> se zobraz\u00ed jej\u00ed detail a jednotliv\u00e9 \u010d\u00e1sti kampan\u011b. Gratulace m\u016f\u017eete za\u010d\u00edt va\u0161e testov\u00e1n\u00ed.<\/p>\n

    \"\"<\/p>\n

    \"\"<\/p>\n

    Pokud by n\u011bco neklapalo, tak n\u00e1s kontaktujte<\/strong><\/a>.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"

    Pro sledov\u00e1n\u00ed kampan\u00ed Red team a Blue team v r\u00e1mci Purple teaming, jejich hodnocen\u00ed, a p\u0159edev\u0161\u00edm pak pro hodnocen\u00ed p\u0159ipravenosti samotn\u00fdch proces\u016f, lid\u00ed a n\u00e1stroj\u016f je velmi d\u016fle\u017eit\u00e9 ve\u0161ker\u00e9 souvisej\u00edc\u00ed \u010dinnosti dokumentovat. Pr\u00e1v\u011b k tomuto \u00fa\u010delu slou\u017e\u00ed n\u00e1stroj VECTR od spole\u010dnosti SRA. Nicm\u00e9n\u011b jak pozn\u00e1te pozd\u011bji nejde pouze jenom o pasivn\u00ed tool zaznamen\u00e1vaj\u00edc\u00ed postup va\u0161ich […]<\/p>\n","protected":false},"author":3,"featured_media":6835,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[88,95,103,104,105,106],"tags":[91,90,96,107],"_links":{"self":[{"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/posts\/6833"}],"collection":[{"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/comments?post=6833"}],"version-history":[{"count":13,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/posts\/6833\/revisions"}],"predecessor-version":[{"id":6854,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/posts\/6833\/revisions\/6854"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/media\/6835"}],"wp:attachment":[{"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/media?parent=6833"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/categories?post=6833"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/tags?post=6833"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}