[PYTHON] Introduction of cyber security framework "MITRE CALDERA": How to use and training


Introduction

Effect

This article is the fourth part, "How to use / Training", of the series "Introduction of cyber security framework MITRE CALDERA". In this part we introduce how to use the training function of MITRE CALDERA, which can be used for developing security personnel. For the function overview and how to build the environment, please see the first part, "Function overview / Operating environment construction".

Article structure

Since there is a lot of introductory content, it is split across the following four articles.

Caution / Disclaimer

This series of articles includes methods for simulating cyber attacks. The purpose is to confirm, examine, and improve what kinds of events occur during a cyber attack and how to deal with them, and to make use of this for cyber security human resource development. Build a closed network environment so that other systems and networks are not affected. Doing this against systems for which you do not have permission violates laws such as the Unauthorized Computer Access Law, so please do not do so.

The content of this article is my personal opinion and not the official view of the organization I belong to. Neither the author nor that organization is responsible for any trouble, loss, or damage caused to the user or to a third party by trying what is described in this article.

Overview

MITRE CALDERA version 2.6.4 added a Training plugin and a training menu. Questions are given in a quiz format; when the expected state is reached, the answer is judged correct and the next question is presented. MITRE CALDERA 2.6.6, which is used in this series, ships a set of questions to confirm and certify that you are a user who has mastered MITRE CALDERA. Note that in 2.6.6 the questions appear only when you log in as the red team. In 2.7.0 questions are also displayed when logged in as the blue team, and the number of questions has increased, so more training questions can be expected in the future. You can also create and register your own questions; how to register a question is explained below as well.

Below is a screenshot of the start of the User Certificate training.

training_user_sertificate.png

Environment

Use the same environment as in "Usage: Red Team Edition". Note that the emoji flags were not displayed correctly when viewing the training questions in the Chromium browser on Ubuntu Linux 20.04, so I ran the following command to install an emoji font and then logged in to the OS again. (The font package name varies depending on the OS type and version.)

$ sudo apt install ttf-ancient-fonts-symbola

Operating procedure

Login

Log in to the MITRE CALDERA server according to the startup procedure described in "Usage: Red Team Edition".

Training menu display

When you move the mouse cursor over the Plugins menu, a submenu is displayed directly below it; click training in that submenu.

training_menu.png

Question collection selection

Click the "Select a certificate" pull-down menu on the left side of the web page to display the list of question collection names. In MITRE CALDERA 2.6.6 only "User Certificate" can be selected. This is a collection of questions to confirm and certify that you have mastered MITRE CALDERA.

training_select_certificate.png

In addition, in the upper right part of the window, an English message along the lines of "Please email me when you get the code. We will return the completion certification code after confirmation" is displayed. Why not try to clear all the questions?

Challenge the problem

When you select a question collection, the question genres are displayed on the left side of the screen and a card with the question text is displayed on the right side. As you can see in the first screenshot of this article, the card has a question title and a question statement. When you move the mouse cursor over the card, it flips over and a red card appears as shown below, showing details and hints. Currently only the genre is displayed, but in the future it may become possible to select a question of that genre by clicking on it. Requesting such features, or implementing and contributing them yourself, is also part of how open source software is used. If you answer a question correctly, the following questions are displayed in addition.

training_genre_q1_back.png

Questions are asked for each genre. The first question is from the AGENTS (agent) genre.

Question 1: Start the agent on the local host

Front: Question statement / Back: Details / Tips
training_q1_front.png training_q1_back.png

Once you have started an agent on the localhost, the second question is displayed.

Question 2: Start the agent on the remote host

Front: Question statement / Back: Details / Tips
training_q2_front.png training_q2_back.png

As stated in the question statement, the agent must be started on a host whose OS differs from that of the MITRE CALDERA server. Since the MITRE CALDERA server is running on Linux, if you start an agent on Windows or macOS and connect it remotely, the question is cleared and the third question is displayed.

In this way, questions are asked one after another. When you solve all the questions in a genre, the genre icon is colored in. The date on which each question was answered correctly is recorded, so you can continue solving after restarting the MITRE CALDERA server.

Below is a screenshot of the AGENTS genre with all 8 questions solved.

training_cleared_agents.png

Training plugin structure

The directory and file structure of the Training plugin is shown below. By following this structure, you can also create and register your own questions.

Directory / file structure

plugins/training/
├── README.md
├── __init__.py
├── app
│   ├── c_badge.py
│   ├── c_certification.py
│   ├── c_flag.py
│   ├── flags
│   │   ├── advanced
│   │   │   ├── flag_0.py
│   │   │   ├── flag_1.py
│   │   │   └── flag_2.py
│   │   ├── adversaries
│   │   │   ├── flag_0.py
│   │   │   ├── flag_1.py
│   │   │   └── flag_2.py
│   │   ├── agents
(Omission)
│   │   └── plugins
│   │       ├── atomic
│   │       │   └── flag_0.py
│   │       ├── compass
(Omission)
│   │       └── mock
│   │           └── flag_0.py
│   └── training_api.py
├── data
│   └── 9cd5f3a0-765d-45bc-85c2-bc76d4282599.yml
├── hook.py
├── static
│   ├── css
│   │   └── training.css
│   └── img
│       ├── badges
│       │   ├── advanced.png
(Omission)
│       │   └── operations.png
│       └── certification.png
└── templates
    └── training.html

Question collection definition file

This file defines a question collection, that is, a set of questions grouped under a theme such as "User Certificate". Under the data directory there is one YAML file per question collection, named with the collection's UUID. If you create your own question collection definition file in the same format and place it in the data directory, it is automatically added to the question collection selection pull-down menu and can be selected.

The format of the question collection definition file is shown below.

data/*.yml

id: <question collection UUID>
name: <question collection name>
badges:
  <question genre name>:
    flags:
      - <Python module name of the question definition script>

Question definition file

Each question is defined in its own file. It is a Python script in which the question title, the question statement, and the detailed explanation are defined as variables, and the check that decides whether the answer is correct is defined as a function. Since it is imported as a Python module, place the script under the app directory following the Python module layout.

The format of the question definition file is shown below. The variable names and the function name are fixed, and a module using them is automatically recognized as a question.

app/flags/*/*.py

name = 'Question title'
challenge = 'Question statement'
extra_info = """Details / Tips"""

async def verify(services):
    # Check the current state of the server and return True if the answer
    # is correct (the expected state has been reached), otherwise False
    ...
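As an added example (not code from the original article or from the CALDERA project), here is a question definition in the format above for the second question, "start the agent on a remote host", together with a constructed stand-in for the loader so it can be run offline. It assumes that the framework passes a dict of services and that 'data_svc' offers an async locate('agents') returning agent objects with a .platform attribute; the _Agent and _FakeDataSvc classes and the check_flag() driver are constructed for this example only.

```python
import asyncio
import platform

# --- Question definition in the Training plugin's format -----------------
name = 'Start the agent on the remote host'
challenge = 'Start an agent on a host whose OS differs from the CALDERA server'
extra_info = """The server's OS is compared with the platform reported by each
agent that has checked in. One agent on a different OS clears the question."""


def server_platform():
    """OS of the host running the server, e.g. 'linux', 'windows', 'darwin'."""
    return platform.system().lower()


# Assumption: services is a dict and services.get('data_svc').locate('agents')
# returns the agents known to the server, each with a .platform attribute.
async def verify(services):
    agents = await services.get('data_svc').locate('agents')
    return any(agent.platform != server_platform() for agent in agents)


# --- Constructed stand-ins so the check runs without a CALDERA server ----
class _Agent:
    def __init__(self, paw, platform_name):
        self.paw = paw                  # agent identifier (constructed value)
        self.platform = platform_name   # 'linux', 'windows' or 'darwin'


class _FakeDataSvc:
    def __init__(self, agents):
        self._agents = agents

    async def locate(self, object_name):
        return list(self._agents) if object_name == 'agents' else []


def check_flag(agent_platforms):
    """Call verify() the way the plugin loader would, for constructed agents."""
    agents = [_Agent(f'paw{i}', p) for i, p in enumerate(agent_platforms)]
    services = {'data_svc': _FakeDataSvc(agents)}
    return asyncio.run(verify(services))


if __name__ == '__main__':
    print(check_flag([]))                                  # no agents at all
    print(check_flag([server_platform()]))                 # only a local agent
    print(check_flag([server_platform(), 'windows', 'darwin']))  # remote agent
```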

Conclusion

This concludes the introduction of the cyber security framework "MITRE CALDERA". We hope it has caught your interest and becomes an opportunity to make use of it for business and human resource development. Many more techniques, scenarios, training menus, new plugins, and so on can be expected in the future. Because it is a framework, defining original techniques and training, and designing and creating new plugins, is an interesting exercise. I would also like to introduce how to build a plugin development environment.

Let's make use of MITRE ATT&CK and MITRE CALDERA for cyber security.

Thank you for reading until the end.
