Adversary Simulation

Brute Ratel was built not only for Red Team operations, but also for Adversary Simulation operations. A dedicated Adversary Simulation feature can be loaded from the C4 Profiler->Load Simulation menu. Before you can load a simulation, you need to create one. Brute Ratel now contains a directory named ‘simulations’. To create a simulation, create a JSON file in this directory with whatever name you want. This file should contain the MITRE tactics and techniques, the technique ID and name, and the commands you want to run. As a demo, I have already added a JSON file in the simulations directory for the APT33 group, which was extracted from the MITRE website. A sample JSON file looks like the one below.

The JSON file must be in this format, because the server parses and loads it to run simulations when you select C4 Profiler->Load Simulation. Once you select the simulation option here, you will find a new tab added to your War Manager.

If you want to upload any files using the simulation option, you have to specify the path in the upload command. In the above image, you can see that before I ran ‘run CVE-2017-0213_x64.exe’, I uploaded the file by specifying its path on the server. You can, however, also load this from the badger’s terminal. To run a specific command, select the badger on which you want to run it from the (b-0) dropdown box and then click the ‘Run’ button.