DumpsterFire – Security Incidents In A Box!

The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled “live fire” range events. Build event sequences (“narratives”) to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

The DumpsterFire toolset is designed to be dynamically extensible, allowing you to create your own Fires (event modules) to add to the included collection of toolset Fires. Just write your own Fire module and drop it into the FireModules directory. The DumpsterFire toolset will auto-detect your custom Fires at startup and make them available for use.

DumpsterFire includes the following modules:

  • AccountBruting is the first module and lets an attacker run brute-force attacks against telnet and FTP. Its Python script uses several default usernames and up to 100 different passwords.
  • FileDownload is the second module and emulates downloading a few hacking tools such as sqlmap, mimikatz, scapy, etc. On the network side, the IDS should normally have signatures to detect such downloads.
  • The FileSystem module lets an attacker simulate creating AWS ELB cache-like files in the target directory until the partition is full. The files are filled with random data. The risk behind this attack is DoS.
  • The Malware module is another interesting module that generates bot activity (no infection code or attempts to spread). It tries to open a telnet connection to all hosts on the target network. If a telnet session is available, it tries to log in using all targeted user/password combos. No action is taken if the login succeeds.
  • NetworkScans contains several nmap scripts for running different scans on the network.
  • Shenanigans is another module that contains some extra tests, such as installing a ransomware lock screen on the background and hiding other applications. On Linux, it can append a series of aliases to the supplied bash resource file, printing system error messages when attempting to use commands such as ‘ls’, ‘cd’, ‘df’, etc.
  • The Websurfing module has several Python scripts that let an attacker simulate connections to hacking websites or other resources that should be monitored and restricted on the corporate network.
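For Blue Team sensor mapping, the Shenanigans alias behaviour described above can be checked on the host. The following is an added example, not code from the DumpsterFire project: a small Python scanner that flags bash aliases which replace a core command with something that never runs it. The command list beyond ‘ls’, ‘cd’, ‘df’, the function names and the sample rc content are assumptions constructed for illustration.

```python
import re
import shlex

# 'ls', 'cd', 'df' come from the page; the remaining names are an assumed extension.
CORE_COMMANDS = {"ls", "cd", "df", "cat", "ps", "rm", "cp", "mv", "pwd", "grep"}
ALIAS_RE = re.compile(r"^\s*alias\s+(.*)$")

# Constructed sample rc file; not the text the tool actually writes.
SAMPLE_RC = """\
# ~/.bashrc
alias ll='ls -alF'
alias ls='ls --color=auto'
alias grep='command grep --color=auto'
alias cd='echo "bash: cd: Input/output error"'
alias df="echo 'Segmentation fault (core dumped)'"
alias ls='echo "ls: error while loading shared libraries"'
"""

def parse_aliases(rc_text):
    """Yield (line_no, name, body) for every alias definition in the rc text."""
    for line_no, line in enumerate(rc_text.splitlines(), 1):
        match = ALIAS_RE.match(line)
        if not match:
            continue  # also skips commented-out alias lines
        try:
            tokens = shlex.split(match.group(1), comments=True)
        except ValueError:
            continue  # unbalanced quotes, not a parseable definition
        for token in tokens:
            if "=" in token:
                name, body = token.split("=", 1)
                yield line_no, name, body

def suspicious_aliases(rc_text):
    """Return aliases that replace a core command with something that never runs it."""
    findings = []
    for line_no, name, body in parse_aliases(rc_text):
        if name not in CORE_COMMANDS:
            continue
        words = body.split()
        if words and words[0] in ("command", "builtin"):
            words = words[1:]
        first = words[0].rsplit("/", 1)[-1] if words else ""
        if first != name:  # heuristic: a benign alias wraps the same command
            findings.append((line_no, name, body))
    return findings

if __name__ == "__main__":
    for line_no, name, body in suspicious_aliases(SAMPLE_RC):
        print(f"line {line_no}: alias {name} -> {body}")
```

The wrap check is a heuristic: an alias that runs the real command and then something else still passes, so pair it with file-integrity monitoring on the rc files themselves.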

Red Teams and Blue Teams are typically overextended. What’s missing is a way to scale each team’s capabilities, providing more effective Red Team activity, and more realistic (and helpful) Blue Team / Purple Team exercises. Automation to the rescue! The DumpsterFire Toolset is a cross-platform, menu-driven solution that allows you to easily create custom security incidents by combining modular, chained events into a consistent narrative. Those collections of events (DumpsterFires) can then be executed as time-delayed, automated processes.

You can read more and download this tool over here: https://github.com/TryCatchHCF/