# Getting Started
This document covers the infrastructure setup for emulating Turla in Round 5 of ATT&CK Evaluations Enterprise.
# Prerequisites
It is assumed you have a working knowledge of the following concepts and access to related tools:
- Linux shell scripting (e.g. bash)
- Existing Microsoft Azure with permissions to perform required actions (create and manage resources, including VM instances, VNETs, Virtual Network Gateways, and related resources)
- Concepts such as DNS, email, PKI, and common system administration concepts for Windows and Linux
# Terraform
Terraform is used to initialize the Turla infrastructure.
NOTE: You may be prompted to accept the Terms and subscribe for the Kali image in the Azure Marketplace. If prompted, follow the URL provided in the terminal and click the Subscribe button. Once the process completes, re-run the Terraform plan and apply commands below.
- Create a Terraform settings file from the included template.

  ```bash
  cp -a deploy.auto.tfvars.template deploy.auto.tfvars
  ```
- Open `deploy.auto.tfvars` in an editor and configure it with the desired values.
- Time to run Terraform.
  - Initialize your Terraform environment.

    ```bash
    terraform init
    ```
  - Validate your Terraform configuration.

    ```bash
    terraform validate
    ```
  - Plan your deployment with Terraform.

    ```bash
    terraform plan --out=tfplan
    ```
  - Execute the Terraform plan created in the previous step.

    ```bash
    terraform apply tfplan
    ```
  - NOTE: This step may take 15-30 minutes to properly provision all resources. This is normal.
  - You are done, celebrate!
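
A check that can sit between `terraform plan --out=tfplan` and `terraform apply tfplan`, as an added example that is not part of the original guide: it reads the JSON printed by `terraform show -json tfplan` and exits non-zero if the saved plan would delete or replace any resource. It assumes a fresh deployment is expected to contain only creates; the sample plan and its resource names are constructed for illustration.

```python
import json
import sys
from collections import Counter

# Constructed sample shaped like `terraform show -json tfplan` output;
# resource names are hypothetical, not taken from the Turla range.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "azurerm_virtual_network.range", "type": "azurerm_virtual_network",
         "change": {"actions": ["create"]}},
        {"address": "azurerm_linux_virtual_machine.kali", "type": "azurerm_linux_virtual_machine",
         "change": {"actions": ["delete", "create"]}},
        {"address": "azurerm_resource_group.range", "type": "azurerm_resource_group",
         "change": {"actions": ["no-op"]}},
    ],
})


def summarize_plan(plan_json):
    """Return (count per planned action, addresses whose change destroys something)."""
    plan = json.loads(plan_json)
    counts = Counter()
    destructive = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        # Terraform encodes a replacement as ["delete", "create"] or ["create", "delete"].
        label = "replace" if set(actions) == {"delete", "create"} else "+".join(actions)
        counts[label] += 1
        if "delete" in actions:
            destructive.append(rc["address"])
    return dict(counts), destructive


def main(argv):
    # Usage: terraform show -json tfplan | python3 plan_gate.py -
    # Without "-" the constructed sample above is used instead of stdin.
    text = sys.stdin.read() if argv[1:] == ["-"] else SAMPLE_PLAN
    counts, destructive = summarize_plan(text)
    print("planned actions:", counts)
    for address in destructive:
        print("destroys or replaces:", address)
    return 1 if destructive else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```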
# Detections vs Protections
For the Turla evaluation, the Protections evaluation was conducted on a clone of the Detections range. Therefore there is only one infrastructure configuration. From an infrastructure perspective, there is no difference whether the environment is used for Detections or Protections; all setup is identical.
# Setup Guides
There are four components of the Turla infrastructure, each broken out below. Each guide assumes the infrastructure has already been set up with Terraform.
# Support - Setup First
Contains resources that support the entire range, such as DNS, mail, and traffic redirection. It should be set up first, before configuring other components.
See Setup Support for details.
# Carbon
Contains resources related to the Carbon scenario, also referenced as "Scenario 1".
See Setup Carbon for details.
# Snake
Contains resources related to the Snake scenario, also referenced as "Scenario 2".
See Setup Snake for details.
# Red Team
Contains resources that support Red Team activity directly.
See Setup Red Team for details.