Home
Welcome to the cyber-challenger wiki!
This project is written in Python and Flask.
The core of the project is a series of modules that are chained together to generate logs that can be correlated. That is, events and timing in one log source are consistent with, and verifiable against, the other log sources.
Each module consists of a data model plus controllers that leverage the data model to generate activity.
Example of how a module is organized:

```
├── email.py
└── email_controller.py
```
In this example, `email.py` contains the data model (`class Email`), and `email_controller.py` contains functions that build on the `Email` class, e.g. `gen_inbound_mail()`:

```python
import random

from app.server.modules.email.email import Email
# Employee and Actor are imported from their own modules; those import lines,
# and the code that sets reply_to, link and domain, are not shown in this excerpt.


def gen_inbound_mail(recipient: Employee, actor: Actor, time: float) -> None:
    # Build one inbound email record from the actor's profile and the recipient.
    email = Email(
        time=time,
        sender=actor.get_sender_address(),
        recipient=recipient.email_addr,
        subject=actor.get_email_subject(),
        reply_to=reply_to,
        link=link,
        domain=domain,
        actor=actor,
        # roughly 80% of lures are accepted by the mail gateway, 20% rejected
        accepted=random.choices([True, False], weights=(80, 20), k=1)[0],
        authenticity=actor.effectiveness
    )
    # ... remainder of the function not shown here
```
| Module Name | Description |
|---|---|
| Clock | Used to compute and manage the "in-game" time. In-game time is an accelerated version of real-world time. |
| Organization | Represents employees who work at the company. Also contains functions used to generate employees. |
| Email | Represents emails sent to and from company employees. Also contains functions for generating email activity. |
| OutboundBrowsing | Represents web browsing egressing from the company network. Also contains functions used to generate web-browsing activity. |
| Endpoint | Represents files and processes running on employee machines. Also contains functions used to generate endpoint activity. |
| Infrastructure | Represents an internally consistent passive DNS system (e.g. domain-to-IP mapping). Also contains functions used to generate DNS records. |
| Logging | Used to send logs to the database in Azure Data Explorer. |
| Trigger | Functions that chain modules together to produce a sequence of events, e.g. Email -> User clicks link -> File download -> C2 beacon. |
| Helpers | Misc helper classes and functions used in the project. |
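To make the "correlated logs" idea and the Trigger chain concrete, here is an added, self-contained miniature of the data-model + controller pattern in plain Python. It is example code written for this page, not cyber-challenger's own code: the `Clock`, `Actor`, `Employee`, `Email`, `Browsing` and `Endpoint` classes, the controller and trigger functions, the 60x speedup, and every name, domain and address in it are constructed for illustration. A trigger runs Email -> click -> download along one in-game timeline, and `verify_correlation()` shows the kind of cross-source consistency check (same link, same domain, same user, monotonic timestamps) that the generated logs are meant to satisfy.

```python
import random
from dataclasses import dataclass, asdict
from urllib.parse import urlparse


@dataclass
class Clock:
    """In-game time: real seconds elapsed since real_start, scaled by speedup."""
    real_start: float
    game_start: float
    speedup: float = 60.0  # assumed factor: one real second is one in-game minute

    def game_time(self, real_now: float) -> float:
        return self.game_start + (real_now - self.real_start) * self.speedup


@dataclass
class Actor:
    name: str
    domain: str           # constructed lure domain, e.g. "login-reset.example"
    effectiveness: float  # probability that a delivered lure gets clicked

    def get_sender_address(self) -> str:
        return f"it-support@{self.domain}"

    def get_email_subject(self) -> str:
        return "Action required: password expiry"

    def get_link(self) -> str:
        return f"https://{self.domain}/reset"


@dataclass
class Employee:
    email_addr: str
    hostname: str
    src_ip: str


# Data models: one record type per log source.
@dataclass
class Email:
    time: float; sender: str; recipient: str; subject: str
    link: str; domain: str; accepted: bool; actor: str


@dataclass
class Browsing:
    time: float; src_ip: str; user: str; url: str


@dataclass
class Endpoint:
    time: float; hostname: str; user: str; process: str; filename: str; parent_domain: str


# Controllers: each reuses the upstream record's fields verbatim, which is what
# makes the three log sources agree with each other afterwards.
def gen_inbound_mail(recipient: Employee, actor: Actor, time: float, rng: random.Random) -> Email:
    link = actor.get_link()
    return Email(time=time, sender=actor.get_sender_address(), recipient=recipient.email_addr,
                 subject=actor.get_email_subject(), link=link, domain=urlparse(link).hostname,
                 accepted=rng.choices([True, False], weights=(80, 20), k=1)[0], actor=actor.name)


def gen_click(employee: Employee, email: Email, time: float) -> Browsing:
    return Browsing(time=time, src_ip=employee.src_ip, user=employee.email_addr, url=email.link)


def gen_download(employee: Employee, click: Browsing, time: float) -> Endpoint:
    return Endpoint(time=time, hostname=employee.hostname, user=employee.email_addr,
                    process="browser.exe", filename="reset.exe",
                    parent_domain=urlparse(click.url).hostname)


# Trigger: chains the controllers along one in-game timeline.
def phish_chain(clock: Clock, employee: Employee, actor: Actor, real_now: float, rng: random.Random) -> dict:
    t0 = clock.game_time(real_now)
    email = gen_inbound_mail(employee, actor, t0, rng)
    logs = {"email": [asdict(email)], "browsing": [], "endpoint": []}
    if not email.accepted or rng.random() > actor.effectiveness:
        return logs  # rejected at the gateway, or delivered but never clicked
    click = gen_click(employee, email, t0 + rng.uniform(60, 900))  # 1-15 in-game minutes later
    logs["browsing"].append(asdict(click))
    logs["endpoint"].append(asdict(gen_download(employee, click, click.time + rng.uniform(1, 10))))
    return logs


def verify_correlation(logs: dict) -> list:
    """Cross-source checks an analyst (or a test) can run; returns the inconsistencies found."""
    problems = []
    for e, b, d in zip(logs["email"], logs["browsing"], logs["endpoint"]):
        if b["url"] != e["link"]:
            problems.append("browsing url differs from emailed link")
        if d["parent_domain"] != e["domain"]:
            problems.append("downloaded file not attributed to the email domain")
        if not e["time"] <= b["time"] <= d["time"]:
            problems.append("events out of order across sources")
        if not e["recipient"] == b["user"] == d["user"]:
            problems.append("user differs across sources")
    return problems


def run_demo(seed: int) -> dict:
    """Run one chain with constructed entities and a fixed seed (reproducible)."""
    clock = Clock(real_start=1_700_000_000.0, game_start=1_700_000_000.0)
    alice = Employee("alice@corp.example", "WS-0042", "10.20.30.41")
    actor = Actor("CRIMSON-FOX", "login-reset.example", effectiveness=0.9)
    return phish_chain(clock, alice, actor, real_now=1_700_000_030.0, rng=random.Random(seed))


if __name__ == "__main__":
    logs = run_demo(1)
    print(logs)
    print("inconsistencies:", verify_correlation(logs))
```

The chain deliberately stops early when the gateway rejects the mail or the user never clicks, so downstream sources stay empty rather than inventing a click with no email behind it; that is the property the correlation check relies on.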
Actors represent malicious adversaries. They are modeled as a class within the Actors module; users can also instantiate actors via YAML files in the `actor_configs` directory.