InfoSec-Fortress

June 21, 2021 Guidance, Labs

The Fortress

Daily drivers can be InfoSec War Machines! Infosec-fortress.py is designed to turn Ubuntu Desktop 20.04 into a single system that supports DFIR, RE, and Penetration Testing Operations in a single VM (or bare metal). Threat hunting with teeth. No, wait. DFIR with Teeth. We could also just call it a Purple Team VM. In its current state it easily supports day to day activities for folks conducting, or learning, Digital Forensics, Incident Response, and Reverse Engineering with a healthy dose of Web App assessments and network penetration testing.

Does it do everything Kali does? No. But it’s quite capable (and more will be added) of basic penetration testing and web assessments. It is certainly good enough for day-to-day security assessments, penetration testing, and playing on THM, HTB, etc.

Does this mean I don’t need a Windows DFIR station? No. Likely not. I would still recommend having FLARE with Eric Zimmerman’s tools added. It is certainly a step in the right direction for reducing VMs or turning a daily driver into a powerful security platform.

Well Acktually: If you think it’s missing something I invite you to contribute to the github. There is a ton of room for adding to this project. I look forward to having some help!

This platform works great as you explore CASE 001! Check out the PCAP Lab as a good starter! The platform also works great for TryHackMe!

The Github Repo: infosec-fortress

Requirements

  • Written for Ubuntu 20.04. It should be easily modifiable for other versions and distributions.
  • python3
  • git
  • root privileges
  • Approx. 22 Gigs of free space

sudo apt install python3 git

Steps to Run

  1. Review the script. No changes needed to get started.
  2. (optional) Check list of packages, add, or take away etc.
  3. Clone this repository: git clone https://github.com/ED-209-MK7/infosec-fortress.git
  4. Run the script as sudo/root: sudo python3 ./infosec-fortress/build-fortress.py
  5. (semi-optional) Go make a sandwich. It takes a long time.
  6. Be prepared to answer some prompts along the way (not many).

This script will make /opt/infosec-fortress. This directory will contain build logs and an update script.
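Before kicking off a build that takes this long, it is worth confirming the requirements above (python3, git, root, roughly 22 GiB free) and the run conditions (sudo/root, /opt as the target) in one go. The pre-flight script below is an added example written for this post; it is not part of the infosec-fortress repository. The 22 GiB threshold and the /opt target are taken from the text; the function names are my own.

```shell
#!/bin/sh
# Pre-flight check for build-fortress.py (added example, not project code).
# Checks the stated requirements: python3, git, root privileges, and
# roughly 22 GiB free on the filesystem that will hold /opt/infosec-fortress.

REQUIRED_GIB=22        # "Approx. 22 Gigs of free space" from the post
TARGET_DIR=/opt        # build-fortress.py creates /opt/infosec-fortress

# have_cmd NAME -> exit 0 if NAME resolves on PATH, 1 otherwise
have_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# free_gib PATH -> prints free space, in whole GiB, on the filesystem holding PATH
# (prints 0 if PATH does not exist so callers always get a number)
free_gib() {
    # df -P -k: POSIX layout in 1 KiB blocks; column 4 is "available"
    n=$(df -P -k "$1" 2>/dev/null | awk 'NR==2 { printf "%d\n", $4 / 1048576 }')
    echo "${n:-0}"
}

# check_space PATH MIN_GIB -> exit 0 if free space on PATH's filesystem >= MIN_GIB
check_space() {
    [ "$(free_gib "$1")" -ge "$2" ]
}

# is_root -> exit 0 when running with uid 0 (sudo/root)
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# preflight -> exit 0 if every requirement holds; otherwise reports each
# missing item on stderr and exits 1 so the long build is not started in vain
preflight() {
    rc=0
    for c in python3 git; do
        if ! have_cmd "$c"; then
            echo "missing: $c  (sudo apt install python3 git)" >&2
            rc=1
        fi
    done
    if ! is_root; then
        echo "not root: run the build with sudo" >&2
        rc=1
    fi
    if ! check_space "$TARGET_DIR" "$REQUIRED_GIB"; then
        echo "need ${REQUIRED_GIB} GiB free under ${TARGET_DIR}, have $(free_gib "$TARGET_DIR") GiB" >&2
        rc=1
    fi
    return $rc
}

# Usage: run the check, then the build only if everything passed.
if preflight; then
    echo "pre-flight OK; run: sudo python3 ./infosec-fortress/build-fortress.py"
else
    echo "fix the items above before building" >&2
fi
```

Run it with sh before step 4; it exits non-zero and lists what is missing rather than letting the build fail halfway through because the disk filled up or a prompt expected root.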

What Goes Into the Fortress

  1. REMnux Reverse Engineering platform
  2. SIFT Incident Response Platform
  3. Metasploit Framework
  4. Kali’s Wordlists plus more
  5. Kali’s Collection of Webshells
  6. Kali’s Windows Binaries/Resources
  7. The latest BloodHound
  8. Enum4Linux and Enum4linux-ng

Notable Tools

There are hundreds. However, here are some highlights.

DFIR Tools

  • Log2Timeline (Plaso)
  • RegRipper
  • msg converter

RE Tools

  • Ghidra (pronounced Ghee-druh, like "geek" without the k + "druh")
  • radare2
  • binwalk
  • look and feel of REMnux (CLI Color Highlighting for filetype)

Network tools

  • snort
  • tcpdump
  • wireshark
  • tshark
  • ngrep

Security Assessment (PenTest Tools)

  • Metasploit Framework
  • Burp Suite
  • Zap
  • nmap
  • masscan
  • Hashcat
  • John
  • Hydra
  • Medusa
  • smbclient / rpcclient
  • sqlmap
  • netcat-traditional
  • aircrack-ng
  • kismet

Other

  • VS Code
  • Powershell Core

And more…

To-Do’s

Help wanted!

  • add Zeek
  • add RITA
  • add SiLK
  • add a dir containing pre-made host enumeration scripts
  • add DPAT (domain password auditing tool)?
  • SRUM Dump.py (does it work on Ubuntu?)
  • Responder symlink
  • add secretsdump.py (might be there already)
  • add bettercap
  • add Empyre? or similar
  • add spider foot community edition
  • add Recon-NG
  • add Maltego
  • test Eric Zimmerman’s tools in wine
  • add a folder in /usr/share/? packed with SANS Posters

Happy Hunting!
