### # Caldera configuration caldera: ### # API key for caldera. See caldera configuration. Default is ADMIN123 apikey: ADMIN123 ### # Attacks configuration attackers: ### # Configuration for the first attacker. One should normally be enough. But it is still implemented as a list - name: attacker ### # Defining VM controller settings for this machine vm_controller: ### # Type of the VM controller, Options are "vagrant" and "running_vm" vm_type: vagrant ### # # path where the vagrantfile is in vagrantfilepath: systems ### # Name of machine in Vagrantfile, main way to reference this machine vm_name: attacker ### # Machine can have nicknames. They can be used in complex attacks to reference the machine in multiple ways nicknames: - "suspect 1" ### # machinepath is a path where the machine specific files and logs are stored. Relative to the Vagrantfile path # and will be mounted internally as /vagrant/ for linux machines # If machinepath is not set PurpleDome will try "vm_name" machinepath: attacker1 ### # OS of the VM guest. Options are so far "windows", "linux" os: linux ### # Do not destroy/create the machine: Set this to "yes". use_existing_machine: yes ### # List of targets targets: ### # Name of a specific target. It is implemented as a list, you can have several targets in your experiment - name: target1 ### # Defining VM controller settings for this machine vm_controller: ### # Type of the VM controller, Options are "vagrant" and "running_vm" vm_type: vagrant ### # # path where the vagrantfile is in vagrantfilepath: systems ### # simple switch if targets is used in attack simulation. Default is true. If set to false the machine will not be started active: no ### # Name of machine in Vagrantfile, main way to reference this machine vm_name: target1 ### # Machine can have nicknames. They can be used in complex attacks to reference the machine nicknames: - "web server" ### # OS of the VM guest. Options are so far "windows", "linux" os: linux ### # Targets need a unique PAW name for caldera paw: target1 ### # Targets need to be in a group for caldera. The group is more relevant than the paw. Better put every target in a unique group group: red ### # machinepath is a path where the machine specific files and logs are stored. Relative to the Vagrantfile path # and will be mounted internally as /vagrant/ for linux machines # If machinepath is not set PurpleDome will try "vm_name" machinepath: target1 ### # Do not destroy/create the machine: Set this to "yes". Good if you want to keep this machine around between experiments use_existing_machine: yes ### # The folder all the implants will be installed into. IN the machine playground: /home/vagrant ### # List of sensors to run on this machine. They are implemented as plugins and have a unique name sensors: # - osquery - name: target2 ### # Defining VM controller settings for this machine vm_controller: ### # Type of the VM controller, Options are "vagrant" and "running_vm" vm_type: vagrant ### # path where the vagrantfile is in vagrantfilepath: systems ### # simple switch defining if targets is used in attack simulation. Default is true. If set to false the machine will not be started active: no ### # Name of machine in Vagrantfile, main way to reference this machine vm_name: target2 ### # Machine can have nicknames. They can be used in complex attacks to reference the machine nicknames: - "t2" - "practice target" ### # OS of the VM guest. Options are so far "windows", "linux" # This is the example for a windows machine. Windows machines are much trickier to handle in Vagrant ! Check the documentation os: windows ### # Targets need a unique PAW name for caldera paw: target2w ### # Targets need to be in a group for caldera. The group is more relevant than the paw. Better put every target in a unique group group: red_windows ### # machinepath is a path where the machine specific files and logs are stored. Relative to the Vagrantfile path # and will be mounted internally as /vagrant/ for linux machines # If machinepath is not set PurpleDome will try "vm_name" machinepath: target2w ### # Do not destroy/create the machine: Set this to "yes". use_existing_machine: yes ### # Optional setting to activate force when halting the machine. Windows guests sometime get stuck halt_needs_force: yes ### # If SSH without vagrant support is used (Windows !) we need a user name (uppercase) ssh_user: PURPLEDOME ### # If SSH without vagrant support is used (Windows !) we maybe need a password ssh_password: PURPLEDOME ### # For non-vagrant ssh connections a ssh keyfile stored in the machinepath is required. ssh_keyfile: id_rsa.3 ### # The folder all the implants will be installed into # Windows can only use default playground at the moment ! # playground: C:\\Users\\PurpleDome ### # Sensors to run on this machine sensors: - osquery ### # Vulnerabilities to pre-install. They are implemented as plugins vulnerabilities: - weak_user_passwords - rdp_config_vul # Ubuntu 20.10 (Groovy) - name: target3 ### # Defining VM controller settings for this machine vm_controller: ### # Type of the VM controller, Options are "vagrant" and "running_vm" vm_type: vagrant ### # path where the vagrantfile is in vagrantfilepath: systems ### # simple switch if targets is used in attack simulation. Default is true. If set to false the machine will not be started active: yes ### # Name of machine in Vagrantfile, main way to reference this machine vm_name: target3 ### # Machine can have nicknames. They can be used in complex attacks to reference the machine nicknames: - "red shirt" - "the flag" ### # OS of the VM guest. Options are so far "windows", "linux" # This is the example for a windows machine. Windows machines are much trickier to handle in Vagrant ! Check the documentation os: linux ### # Targets need a unique PAW name for caldera paw: target3 ### # Targets need to be in a group for caldera. The group is more relevant than the paw. Better put every target in a unique group group: red ### # machinepath is a path where the machine specific files and logs are stored. Relative to the Vagrantfile path # and will be mounted internally as /vagrant/ for linux machines # If machinepath is not set PurpleDome will try "vm_name" machinepath: target3 ### # Do not destroy/create the machine: Set this to "yes". use_existing_machine: no ### # The folder all the implants will be installed into playground: /home/vagrant # Sensors to run on this machine sensors: - osquery ### # Vulnerabilities to pre-install. They are implemented as plugins vulnerabilities: - sshd_config_vul - weak_user_passwords ### # General attack config attacks: ### # configure the seconds the system idles between the attacks. Makes it slower. But attack and defense logs will be simpler to match nap_time: 5 ### # The obfuscator to use between the implant and the server. Not all obfuscators are supported by all implants. Existing obfuscators: # plain-text, base64, base64jumble, caesar, base64noPadding, steganography caldera_obfuscator: plain-text ### # Jitter settings for the implant. it is min/max seconds. The first number has to be smaller. Default is 4/8 caldera_jitter: 4/8 ### # A list of caldera attacks to run against the targets. caldera_attacks: ### # Linux specific attacks. A list of caldera ability IDs linux: - "bd527b63-9f9e-46e0-9816-b8434d2b8989" ### # Windows specific attacks. A list of caldera ability IDs windows: - "bd527b63-9f9e-46e0-9816-b8434d2b8989" ### # Plugin based attacks. Will result in plugins being called plugin_based_attacks: ### # Linux specific attacks, a list linux: - hydra - nmap ### # Windows specific attacks, a list windows: - hydra - nmap ### # Configuration for the plugin based attack tools attack_conf: ### # Hydra configuration hydra: ### # A list of protocols to brute force against. Supported: "ssh" protocols: - ssh - rdp #- ftps ### # A file containing potential user names userfile: users.txt ### # A file containing potential passwords pwdfile: passwords.txt nmap: ### # General sensor config config sensor_conf: ### # Osqueryplugin configuration osquery: foo: bar ### # Settings for the results being harvested results: ### # The directory the loot will be in loot_dir: loot