A Client / Server Mode for Automated Red Teaming
Abstract
Red Team testing is a proven method to improve cybersecurity on organizational networks. However, due to the low availability of required expertise in this field, red teaming is prohibitively expensive to conduct on a large scale. In response, the Office of the Secretary of Defense has sponsored research to build a Red Team in a Box (RTIB) tool to perform many of the basic red team functions without requiring the user to have in-depth knowledge of red teaming tools and techniques. This research has resulted in the prototype implementation of CARTT, the Cyber Automated Red Team Tool. This thesis extended CARTT from its current stand-alone host-based implementation to include the ability to identify potential targets on a range network, communicate results to a command node, and respond to orders to attack from the command node. Redesigning the CARTT as a client/server system allows system administrators to access the tool remotely, affording increased cybersecurity throughout the Navys networks while reducing the cost of red teaming. Additionally, the client/server model mitigates the risk of having Metasploit and OpenVAS installed on machines throughout these target networks. A messaging system was implemented that facilitates a command and control channel between users.
Document Details
- Document Type
- Technical Report
- Publication Date
- Dec 01, 2020
- Accession Number
- AD1126766
Entities
People
- Joseph A. Berrios
Organizations
- Naval Postgraduate School