#
Self Signed Certificate Authority
Self Signed Certificate Authority Summary Example Certificate Authority Creation Create Host Certificate
Install on Snake Windows Domain Update on Kali box Install custom certificate on Kali box Setup nato-int[.]com redirect Update Wordpress installation Send Carbon Scenario Email
#
Summary
CloudFlare's CFSSL project was used to generate a certificate authority, intermediate certificate, and host certificate for the scenario, to emulate a valid issued TLS certificate.
#
Example Certificate Authority Creation
The following provides an example of how to generate the CA, intermediate CA, and host certificate using CFSSL. A full explanation of CFSSL can be found on the project GitHub page.
- Update
ca.json
,intermediate-ca.json
, andhost1.json
as appropriate to reflect the new certificate authority, certificate authority intermediate certificate, and host certificate for web host. - The
cfssl.json
provided has the needed roles predefined, but may need to be modified based on your particular needs. - Run the following commands to generate the CA certificate, and intermediate issuing certificate:
cfssl gencert -initca ca.json|cfssljson -bare ca
cfssl gencert -initca intermediate-ca.json| cfssljson -bare intermediate_ca
cfssl sign -ca ca.pem -ca-key ca-key.pem -config cfssl.json -profile intermediate_ca intermediate_ca.csr | cfssljson -bare intermediate_ca
#
Create Host Certificate
Run the following command:
-
cfssl gencert -ca intermediate_ca.pem -ca-key intermediate_ca-key.pem -config cfssl.json -profile=server host1.json|cfssljson -bare host-1-server
Jobs done.
#
Install on Snake Windows Domain
Use Group Policy to deploy trusted certificate on domain.
- Connect to Snake Active Directory controller (
berlios
) - Follow directions from Microsoft to trust certificate authority and intermediate certificate on domain.
- Deploy updated group policy to
nk
domain.
#
Update on Kali box
#
Install custom certificate on Kali box
From Kali, run kali-install-custom-certs.sh
#
Setup nato-int[.]com redirect
From Kali, run kali-set-nato-int-redirect.sh
#
Update Wordpress installation
From Kali, run kali-update-wp.sh
#
Send Carbon Scenario Email
From Kali, run kali-send-email.sh