RedHerd Framework: simulating complex offensive cyberspace operations

RedHerd Framework

RedHerd is a collaborative and serverless framework for orchestrating a geographically distributed group of assets capable of conducting simulating complex offensive cyberspace operations.

The framework takes advantage of the “as a Service” paradigm in order to deploy a ready-to-use infrastructure that can also be adopted for effective training purposes, by reliably reproducing a real-world cyberspace scenario in which red and blue teams can challenge each other. RedHerd perfectly fits the Open Systems Architecture design pattern, thanks to the adoption of both open standards and wide-spread open source software components.

Architecture

RedHerd uses some specialized Docker containers in order to integrate many communities acclaimed open-source products with a custom application layer, implemented for interoperability purposes. These containers have been designed to compartmentalise features and to allow horizontal scaling if needed. The described architecture offers a high level of automation by allowing minimized user interaction during the asset setup process and is bounded by a Virtual Private Network (VPN) granting Operations Security (OPSEC) by design.

The main elements of the RedHerd framework are listed hereafter:

  • Assets: multi-platform devices (Windows, Linux, MacOS and Android) that can be orchestrated to perform cyber operations;
  • Herd-Server: the Node.js core of the framework which is responsible for interacting with the assets. It receives and multiplexes all the inputs from the operators thanks to an extended set of Application Programming Interfaces (API) and dispatches the output received from the assets via a Socket.IO channel;
  • File-Server: an FTPS-based server, which allows secure file transfer among operators and assets;
  • OVPN-Server: the OpenVPN gateway for all entities interacting with the framework;
  • Distribution-Server: the only component publicly accessible outside the VPN edge, which represents an Nginx web server that distributes, after authentication, all the configuration files needed by an entity attempting to join the framework;
  • Herd-View: a Progressive Web Application (PWA) written in Angular that provides a user-friendly interface to monitor and task all the assets in real-time;
  • Client: the device used by an operator to interact with the framework components.

Last but not least, Herd-CLI represents the administrative application for managing the entire framework.

Features

RedHerd has several overwhelming features that characterize it with strong orchestration capabilities:

  • Intuitive Interface: it provides, through Herd-View, an intuitive web application to easily interact with the assets;
  • Multi-Platform: it is able to orchestrate a wide range of devices, offering joining and tasking procedures for different operating systems (Windows, Linux, MacOS, and Android);
  • Multi-User: it supports multi-user collaboration. The teamwork has become crucial for effective operations. In relation to this, joining RedHerd many users can task the same asset or operate independently;
  • Agentless: it overcomes the requirement of a local agent waiting for a task to accomplish. Specifically, during the task warmup, Herd-Server receives a job for an asset and initiates an SSH connection with it. Subsequently, it specializes and executes the set of commands needed to reach the expected result, allowing a lightweight computational effort asset-side;
  • Easily Deployable: it is cross-platform and can be deployed both on-premise and in a Cloud-based environment. In order to grant this feature, a bash script has been proposed to automate the framework deployment process on a Debian-based distro. Taking into account the design choice to use docker-enabled containerization, an equivalent script could be easily developed allowing RedHerd to be hosted on a different operating system;
  • Easily Expandable: it provides developer ready JavaScript specifications, offering an easy way to expand the product features by writing custom modules and accomplishing an uncountable number of tasks;
  • API Driven: it is driven by an extensive set of REST API which enables a third-party application to easily interact with and make use of the framework features.

Install & Use

Copyright (c) 2021 RedHerd-Project


Source: Penetration Testing

Leave a Reply