This is the Git repository for the Modern Red Teaming
workshop given at SINCON2024.
It is initially based on the Multi-Stage-Mythic project from Kyle Avery, but with significant additions, upgrades and modifications:
- Cloudfront geo-restriction to cut noise from mass scanners and defeat some security solutions hosted in other countries
- Use of Cloudfront prefix list in the security group of the load balancer to prevent direct access
- ALB instead of ELB for content-based routing and WebSockets support
- ALB access logging for debugging / compliance purposes
- Use of SSM Session Manager instead of open SSH to avoid exposing the SSH port or setting up a bastion host. The instance is in a private subnet, with no public IP address assigned
- Use of EC2
user-data
instead of Terraform'sremote-exec
provider as there's no native SSM support for the latter - The
http
C2 profile now uses Docker volumes, so this project uses the new path to copy theconfig.json
file - Works with the new Mythic v3 (tested with v3.2.20-rc7)
- Dynamic Ubuntu AMI via aws_ami data source, to get the latest AMI and no hardcoded, region-dependent AMI ID
- Use of S3 as a Terraform state backend
- Use of
t4g.small
ARM64 EC2 instances as they're free for 750 hours / month until end 2024 :) - Creation of a phishing server with pre-built
Evilginx2
andMuraena
binaries - No scripted payload generation, no Azure CDN to make things simpler during the workshop