When we want to test a detection algorithm we are developing, or we want to prepare an in-depth exercise for our students, we need to set up an ecosystem that closely resembles that of the real world. This can lead to some difficulties, as in a real network we have multiple users, each with their own computer, surfing the net, working with files, or typing commands and sending requests to the network's centralized server. It could pose a big challenge to model this if we don't have a group of people available whom we can task with sitting behind a computer and clicking their mouse every so often to simulate real computer behaviour. There are tools available that help automate that, but in most cases they are quite rudimentary.

Recently Carnegie Mellon University released a suite of tools they have developed to be used during Red-Blue teaming exercises. Each of these tools is very interesting and I could spend a lot of time writing about them, but today I focus on one particular tool that could help us automate simulated computer use and network traffic: GHOSTS.

The GHOSTS tool gives us the possibility to set up a specific timeline that can be used to emulate the behaviour of a user on a specific computer. This fictional user is defined as an NPC (Non-Player Character) and follows a script of which actions should be taken at which points in time. This is very helpful when we want to design an exercise or simulate background data, because it generates the background noise that is quite often used to obfuscate malicious activity in a network. Without this background noise it is quite easy to single out a possible attack, as it would be the only real activity on the network, and detection becomes trivial.

This blog is part one of my exploration of the possibilities of the GHOSTS framework. I will go over the steps needed to set up and do a test run of the GHOSTS tool. Further on I will try to configure my own timelines for the NPCs and do a multi-machine test to evaluate how useful it could be.

The tool consists of two parts: a Server that handles the distribution of tasks and the collection of reports from the different NPC machines, and the Clients that run the timelines and act as our simulated users. Further on, the Server is split in three parts: