AppJail-makejails / caldera

Automated Adversary Emulation Platform.


MITRE Caldera

MITRE Caldera is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response. It is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.

https://caldera.mitre.org/


Goals

The principal goal of this Makejail is to help us install, configure and run MITRE Caldera into a FreeBSD jail container.


Requirements

Before you can install MITRE Caldera using this Makejail, some initial configuration of the host is required.

Enable Packet filter

We need to add some lines to /etc/rc.conf and /etc/pf.conf

# sysrc pf_enable="YES"
# sysrc pflog_enable="YES"

# cat << "EOF" >> /etc/pf.conf
nat-anchor 'appjail-nat/jail/*'
nat-anchor "appjail-nat/network/*"
rdr-anchor "appjail-rdr/*"
EOF
# service pf reload
# service pf restart
# service pflog restart

The rdr-anchor section is necessary to use dynamic redirects from jails.

Enable forwarding

# sysrc gateway_enable="YES"
# sysctl net.inet.ip.forwarding=1

Create a virtualnet

Create a virtualnet to which the MITRE Caldera jail built by caldera-makejail will be added. Alternatively, you can use your own virtualnet if you created one previously.

# appjail network add caldera-net 10.0.0.0/24

This creates a bridge named caldera-net to which the epair interfaces of the Caldera jail will be attached. By default caldera-makejail uses NAT for outbound Internet access. Do not forget to add a pass rule to /etc/pf.conf, because caldera-makejail will try to download and install packages and other resources needed for its configuration.

pass out quick on caldera-net inet proto { tcp udp } from 10.0.0.2 to any

Create a lightweight container system

Create a container named caldera with the private IP address 10.0.0.2. Keep in mind that the IP address must be part of the caldera-net network.

# appjail makejail -f gh+AppJail-makejails/caldera -j caldera -- --network caldera-net --caldera_ip 10.0.0.2
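Before running the makejail, it is worth checking that the jail address really lies inside the virtualnet and that the pf pass rule matches it. The helper below is an added example, not part of this Makejail or of AppJail; it assumes only POSIX sh, and the function names (ip_to_int, cidr_contains, pass_rule, check_jail_net) are hypothetical.

```shell
#!/bin/sh
# Added helper (not from the Makejail): sanity-check the jail IP against the
# virtualnet before "appjail makejail", and print the pf pass rule to add.

# ip_to_int 10.0.0.2 -> 167772162 (dotted quad as a 32-bit integer)
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains NETWORK/PREFIX IP -> succeeds when IP lies inside NETWORK
cidr_contains() {
    net=${1%/*}
    bits=${1#*/}
    # netmask as an integer, e.g. /24 -> 0xFFFFFF00
    mask=$(( (1 << 32) - (1 << (32 - bits)) ))
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# pass_rule BRIDGE IP -> the rule from the README, parameterised
pass_rule() {
    printf 'pass out quick on %s inet proto { tcp udp } from %s to any\n' "$1" "$2"
}

# check_jail_net BRIDGE NETWORK/PREFIX IP -> prints the pass rule, or fails
# with a message when IP is outside the virtualnet
check_jail_net() {
    if ! cidr_contains "$2" "$3"; then
        echo "error: $3 is not inside $1 ($2)" >&2
        return 1
    fi
    pass_rule "$1" "$3"
}

# Values from the README: virtualnet caldera-net 10.0.0.0/24, jail IP 10.0.0.2
check_jail_net caldera-net 10.0.0.0/24 10.0.0.2
```

Run it before the makejail command and append the printed rule to /etc/pf.conf; a non-zero exit means the --caldera_ip value does not belong to the virtualnet you created.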

When it is done you will see the credentials needed to connect to MITRE Caldera via a web browser.

 ################################################ 
 MITRE Caldera admin credential                   
 Hostname : https://jail-host-ip:8443             
 Username : admin                                 
 Password : Z1EtVnltRtirHDOTVY4=                          
 ################################################ 
 
 ################################################ 
 MITRE Caldera blue credential                    
 Hostname : https://jail-host-ip:8443             
 Username : blue                                  
 Password : M0WmJnQOLG3va+b0LM8=                           
 ################################################ 
  
 ################################################ 
 MITRE Caldera red credential                     
 Hostname : https://jail-host-ip:8443             
 Username : red                                   
 Password : 1TPza2NLp0h1scaZ2uA=                            
 ################################################

Store them in a secure place.

License

This project is licensed under the BSD-3-Clause license.
