Mitre Caldera V5
Mitre Caldera V5 is an advanced, open-source platform designed for adversary emulation and automated red teaming. It allows users to simulate various cyber attack techniques and tactics in a controlled environment, providing valuable insights for improving cybersecurity defenses. AWS Marketplace: Mitre Caldera V5
Note:
- Please be patient, it takes 5-10 minutes for Mitre Caldera to become accessible.
SSH:
- To ssh into your server, use the adminotaur user:
ssh adminotaur@ip-of-server
Passwords:
- To get all the Mitre Caldera passwords, run the following command from a terminal:
cat /home/adminotaur/caldera/conf/local.yml
Login:
- Log in to your Mitre Caldera V5:
https://IP-OF-YOUR-VM:8443
- Note: It is set to use the public IP; see Troubleshooting to switch to a private IP.
- How to log in as the red or blue user:
username: red
password: ( cat /home/adminotaur/caldera/conf/local.yml | grep red )
username: blue
password: ( cat /home/adminotaur/caldera/conf/local.yml | grep blue )
Plugin Ports:
- Note: UFW Host firewall is only set to allow port 22 & 8443 by default.
# To allow access to any of the ports mentioned, add a rule.
EX:
sudo ufw allow 8853/tcp
sudo ufw allow 8853/udp
# Check the current firewall rules:
sudo ufw status numbered
# Delete a rule, using its number from the output of the command above:
sudo ufw delete 99
- DNS Contact Plugin (Port 8853)
- Description: Handles agent communication via DNS.
- Test: Configure an agent to use DNS and verify it registers successfully.
- Expected Outcome: Agent should appear in the Caldera interface.
- FTP Contact Plugin (Port 2222)
- Description: Handles agent communication via FTP.
- Test: Use an FTP client to connect, upload, and download files.
- Expected Outcome: Successful file transfers.
- TCP Contact Plugin (Port 7010)
- Description: Handles agent communication via TCP.
- Test: Deploy an agent over TCP and monitor the connection.
- Expected Outcome: Stable TCP connection and communication.
- UDP Contact Plugin (Port 7011)
- Description: Handles agent communication via UDP.
- Test: Deploy an agent over UDP and verify packet exchange.
- Expected Outcome: Successful data transmission with minimal packet loss.
- WebSocket Contact Plugin (Port 7012)
- Description: Handles agent communication via WebSocket.
- Test: Deploy an agent over WebSocket and confirm the connection.
- Expected Outcome: Real-time communication via WebSocket.
- SSH Tunnel Plugin (Port 8022)
- Description: Enables agent communication through SSH tunnels.
- Test: Establish an SSH tunnel and deploy an agent.
- Expected Outcome: Secure communication through the tunnel.
- HTTP/HTTPS Contact Plugin (Port 8443)
- Description: Facilitates agent communication via HTTP/HTTPS.
- Test: Access the web interface and deploy an agent.
- Expected Outcome: Secure agent registration via HTTPS.
- Main Web Interface (Port 8888)
- Description: Central interface for Caldera operations.
- Test: Log in and perform basic operations.
- Expected Outcome: Full functionality with no errors.
Troubleshooting:
- If you need to update the IP or other data in local.yml:
sudo systemctl stop caldera
vim /home/adminotaur/caldera/conf/local.yml
# If you want to use a private IP instead of the public one, change the following:
app.contact.http: https://IP-OF-YOUR-SERVER:8443
app.frontend.api_base_url: https://IP-OF-YOUR-SERVER:8443
# make sure to also change the IP here as well:
vim /home/adminotaur/caldera/plugins/magma/.env
VITE_CALDERA_URL=https://IP-OF-YOUR-SERVER:8443
# Once these are updated, run the following command:
sudo systemctl start caldera-build
# Wait a couple of minutes for it to build; once you see Caldera in the status output, the build is done.
sudo systemctl status caldera-build
# Once Caldera is visible, you can stop the service.
sudo systemctl stop caldera-build
# Now you can start Caldera.
sudo systemctl start caldera
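As an added example (not part of the Marketplace image or the Caldera project), a small POSIX sh script that applies the three URL changes from the steps above in one pass, keeps .bak copies, and verifies that local.yml and the magma .env agree on the new IP before you start caldera-build. The file paths are the ones listed above; the IPs in the demo section are constructed.

```shell
#!/bin/sh
# Added example, not part of the Marketplace image or the Caldera project.
# Rewrites app.contact.http, app.frontend.api_base_url and VITE_CALDERA_URL so
# they all point at one IP, then checks the result. Try it on copies first; the
# real files are /home/adminotaur/caldera/conf/local.yml and
# /home/adminotaur/caldera/plugins/magma/.env.
set -eu

# set_caldera_ip NEW_IP LOCAL_YML MAGMA_ENV
set_caldera_ip() {
    ip=$1; yml=$2; envfile=$3
    url="https://$ip:8443"
    cp "$yml" "$yml.bak"
    cp "$envfile" "$envfile.bak"
    # '|' as the sed delimiter so the '/' in the URL needs no escaping
    sed -e "s|^\(app\.contact\.http:\).*|\1 $url|" \
        -e "s|^\(app\.frontend\.api_base_url:\).*|\1 $url|" \
        "$yml" > "$yml.new" && mv "$yml.new" "$yml"
    sed -e "s|^VITE_CALDERA_URL=.*|VITE_CALDERA_URL=$url|" \
        "$envfile" > "$envfile.new" && mv "$envfile.new" "$envfile"
}

# check_caldera_ip NEW_IP LOCAL_YML MAGMA_ENV
# Succeeds only when all three settings carry the given IP, which is the state
# to reach before running caldera-build.
check_caldera_ip() {
    ip=$1; yml=$2; envfile=$3
    url="https://$ip:8443"
    grep -q "^app\.contact\.http: $url\$" "$yml" &&
    grep -q "^app\.frontend\.api_base_url: $url\$" "$yml" &&
    grep -q "^VITE_CALDERA_URL=$url\$" "$envfile"
}

# Constructed sample files standing in for the real ones: 203.0.113.10 plays
# the public IP being replaced, 10.0.0.5 the private one.
demo=$(mktemp -d)
printf '%s\n' \
    'app.contact.http: https://203.0.113.10:8443' \
    'app.frontend.api_base_url: https://203.0.113.10:8443' \
    'port: 8888' > "$demo/local.yml"
printf 'VITE_CALDERA_URL=https://203.0.113.10:8443\n' > "$demo/.env"

set_caldera_ip 10.0.0.5 "$demo/local.yml" "$demo/.env"
check_caldera_ip 10.0.0.5 "$demo/local.yml" "$demo/.env" && echo "all three URLs now use 10.0.0.5"
```

Run it on the real files as adminotaur after `sudo systemctl stop caldera`, then continue with the caldera-build and caldera start steps above.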
- To get the plugins to work, you need to allow them via UFW host firewall:
# Check the plugin ports section, EX:
sudo ufw allow 8853/tcp
sudo ufw allow 8853/udp
# Check the current firewall rules:
sudo ufw status numbered
# Delete a rule, using its number from the output of the command above:
sudo ufw delete 99
Security Features:
- Crowdsec IPS - https://decyphertek.readthedocs.io/en/latest/technotes/Crowdsec/
- UFW Host Firewall - https://decyphertek.readthedocs.io/en/latest/technotes/UFW/
- Auditd Logging - https://decyphertek.readthedocs.io/en/latest/technotes/Auditd/
- Automated Updates - Update script upon first boot and daily.
References:
- https://caldera.readthedocs.io/en/latest/