Ftrsec

Setup environment

To set up a sandbox environment I personally love to use Commando VM, customized a little.
In purple teaming you will sometimes need a Windows box, but sometimes you will need a Kali box as well.
Here are the steps to set up a hybrid environment:

  • Buy an IP (and a domain if you want) and use a cloud instance like EC2
  • Install Windows and run the following script from Mandiant (if you don't know it, don't worry, these guys know what they do ;)):
    https://github.com/mandiant/commando-vm
  • Then I usually add a second WSL distribution on it, Kali Linux.
  • Follow these steps to set up port forwarding for your C2 connections to your Linux distribution:
    https://jwstanly.com/blog/article/Port+Forwarding+WSL+2+to+Your+LAN/
  • Install the C2 framework of your choice (I personally like Sliver)
  • Optional: configure a DNS A record for your IP
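The port-forwarding step above, as an added PowerShell example (not code from the original post or from the linked article): it maps a TCP port on the Windows host to the Kali WSL 2 instance so a listener inside WSL is reachable from the lab network. The distribution name `kali-linux`, port 443 and the firewall rule name are assumptions; adjust them to your setup.

```powershell
# Added example: forward one TCP port from the Windows host to the Kali WSL 2 distro.
# Assumptions: distro is named "kali-linux", the listener binds port 443 inside WSL.
$Distro     = 'kali-linux'
$ListenPort = 443   # port exposed on the Windows host
$TargetPort = 443   # port the listener binds inside WSL

# WSL 2 gets a fresh NAT address on every boot, so look it up each time.
# WSL_UTF8=1 forces UTF-8 output so PowerShell does not misread the text.
$env:WSL_UTF8 = 1
$WslIp = (wsl.exe -d $Distro -- hostname -I).Trim().Split(' ')[0]
if (-not $WslIp) { throw "Could not determine the WSL IP for $Distro" }

# Drop any stale mapping for the same listen port, then add the current one
netsh interface portproxy delete v4tov4 listenport=$ListenPort listenaddress=0.0.0.0 | Out-Null
netsh interface portproxy add v4tov4 listenport=$ListenPort listenaddress=0.0.0.0 `
    connectport=$TargetPort connectaddress=$WslIp

# Open the host firewall for that single port only (rule name is an assumption).
# Add -RemoteAddress <your operator IP> to the rule below to limit who can reach it.
$RuleName = "WSL2 forward $ListenPort"
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $ListenPort -Action Allow | Out-Null
}

# Print the active mappings so the forward can be verified
netsh interface portproxy show v4tov4
```

Run it from an elevated PowerShell after each reboot, since the WSL address (and therefore the portproxy target) changes.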

This setup might not be perfect, but it gives you a Windows machine to craft payloads, do forensics, analyze logs, modify GPOs, or handle whatever other Windows tasks you need, as well as a Kali VM with a C2.

Considerations:

  • Use strong passwords and put nothing personal on it.
  • Create a VM template after you customize it, and regenerate the VM from it automatically every week, or right after trying real payloads.
