Virtual Machine for Adversary Emulation and Threat Hunting by RedHunt Labs

RedHunt OS aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment.

Base Machine:

• Lubuntu-18.04 x64

Tool Setup

Attack Emulation:

• Caldera
• Atomic Red Team
• Nmap
• CrackMapExec
• Metasploit
• Responder
• Zap
• ADRecon

Threat HUNTing:

• Kolide Fleet
• ELK (Elasticsearch, Logstash, and Kibana) Stack

Open Source Intelligence (OSINT):

• Maltego
• Recon-ng
• Datasploit
• theHarvestor

Threat Intelligence:

• Yeti
• Harpoon

Reporting:

• Asciinema
• Flameshot
• CherryTree

VM Download Link:

• Release v2: http://bit.ly/RedHunt-OS-v2. All feedback is welcome.

Changelog

• System Updates
• Tool Updates
• New Categories added: Reporting
• Outdated tools removed
• Base OS Updated to 18.04

Setup:

• Download the latest OVA file from https://github.com/redhuntlabs/RedHunt-OS.
• Import the OVA in VirtualBox.
• Login using the credentials hunter:hunter.
• Update the distribution ‘sudo apt-get update && sudo apt-get upgrade’.
• Configure/Use the tools.

VM Credentials: Username: hunter Password: hunter

Caldera Credentials: Username: admin Password: caldera

Checksums:

Version 1

• MD5: f8d433140f7e2b370b81c8b6ed3c951f
• SHA1: 66b6a9bdbd2c6f029de9d17a2e086166a1ab7fd3

Sneak Peek:

To-Do:

• Integrate Memory Forensics and Analysis Framework
• Integrate Reporting Tools
• Integrate Threat Intelligence Frameworks
• Integrate OSINT Frameworks

Website:

• https://redhuntlabs.com

Twitter:

• https://twitter.com/redhuntlabs

References:

• https://cyberwardog.blogspot.in/2017/02/setting-up-pentesting-i-mean-threat_98.html
• https://jordanpotti.com/2018/02/16/elk-osquery-kolide-fleet-love/