Personal Cyber Range

1 Preamble

For a long time, I've been interested in the idea of testing malware and/or developing threat emulation tools. Most importantly, as a blue teamer, I want to observe the activity, study it, and develop ways to detect it. I have never been able to set this up in a practical manner, whether from lack of knowledge or of hardware. However, I am starting to get there.

2 The Setup

Using a Dell PowerEdge R260 (sitting under my desk) and Proxmox, I'm able to virtualize whatever I need. I've been slowly speccing it out so that I can do this project. In it, I have or will have:

  • Elastic Stack on version 8.1 (very easy to stand up) for logging/SIEM purposes
  • Zeek for network monitoring
  • VyOS for firewalling/segmenting
  • A Windows 10 box for testing
  • A Kali box for all things red team

The Windows 10 and Kali boxes will be isolated except for logging out to the SIEM (the Kali box is not logged at all, apart from its network traffic). I'm thinking about putting other boxes on here with different exploitable services, but I'm not there yet.
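As an added illustration of that isolation (this is not the author's config, and the post does not give any addressing), here is one way to express it in VyOS 1.3 firewall syntax. The assumptions are: eth1 is the lab segment 10.10.10.0/24 with the Windows 10 box at .20 and Kali at .30, eth2 is a monitoring segment with the Elastic host at 10.10.20.10, and the Windows box ships logs with Elastic Agent, which needs tcp/8220 (Fleet) and tcp/9200 (Elasticsearch). The interface names, addresses and ports are all hypothetical.

```vyos
# Added example, not the post's own config. VyOS 1.3 syntax assumed.
# Assumed layout (hypothetical):
#   eth1 = lab segment 10.10.10.0/24  (Windows 10 at .20, Kali at .30)
#   eth2 = monitoring segment, Elastic host at 10.10.20.10
#   Elastic Agent -> Fleet tcp/8220 and Elasticsearch tcp/9200
configure

# Return traffic for connections the lab was allowed to open
set firewall state-policy established action 'accept'
set firewall state-policy related action 'accept'
set firewall state-policy invalid action 'drop'

# Packets entering the router FROM the lab segment: drop everything
# except the Windows box talking to the SIEM. Kali matches no rule,
# so it cannot reach the SIEM or anything else beyond its own segment.
set firewall name LAB-OUT default-action 'drop'
set firewall name LAB-OUT enable-default-log
set firewall name LAB-OUT rule 10 description 'Windows 10 -> Elastic (Fleet + ES)'
set firewall name LAB-OUT rule 10 action 'accept'
set firewall name LAB-OUT rule 10 protocol 'tcp'
set firewall name LAB-OUT rule 10 source address '10.10.10.20'
set firewall name LAB-OUT rule 10 destination address '10.10.20.10'
set firewall name LAB-OUT rule 10 destination port '8220,9200'

# Packets leaving the router INTO the lab segment: nothing may initiate
# a connection into the lab; replies are covered by the state policy.
set firewall name LAB-IN default-action 'drop'
set firewall name LAB-IN enable-default-log

set interfaces ethernet eth1 firewall in name 'LAB-OUT'
set interfaces ethernet eth1 firewall out name 'LAB-IN'

commit
save
```

Two caveats worth keeping in mind with a rule set like this. First, traffic between Kali and the Windows box never crosses VyOS because both sit on the same segment, so the only record of the attack traffic itself is whatever Zeek sees; Zeek therefore has to sit on a mirrored or promiscuous bridge for that segment, not behind the router. Second, the default drop also cuts the Windows box off from DNS and Windows Update, which is usually what you want in a range, but any test that needs a specific outbound service has to get its own explicit rule rather than a loosened default.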

3 The Goal/Current Ideas

The goal, as stated in the preamble, is to test and develop detections for malicious activity on a network. This is a large task, and I doubt I will cover every little thing (I'm one person), but it will serve to further my own learning and study across a wide range of cybersecurity topics.

I have already run some tests using Cobalt Strike, but I also plan on checking out Covenant C2, some custom ransomware written by a colleague, as well as exploits (both old and new). This will grow with time, and when it does, I will write articles and such here and probably post my detection rules for such activity on my GitHub. Stay tuned :).

I'm excited to start this project, and it has been taking up much of my homework time. It will build slowly right now, but over the summer, I hope to continue my research in my free time. This will be fun.

Author: Sparrow

Created: 2022-04-06 Wed 21:58
