A CLIENT/SERVER MODEL FOR AUTOMATED RED TEAMING
Authors
Berrios, Joseph A.
Subjects
red teaming
client/server
automated
Red Team in a Box
RTIB
Cyber Automated Red Team Tool
CARTT
client/server
automated
Red Team in a Box
RTIB
Cyber Automated Red Team Tool
CARTT
Advisors
Shaffer, Alan B.
Singh, Gurminder
Date of Issue
2020-12
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
Red Team testing is a proven method to improve cybersecurity on organizational networks. However, due to the low availability of required expertise in this field, red teaming is prohibitively expensive to conduct on a large scale. In response, the Office of the Secretary of Defense has sponsored research to build a Red Team in a Box (RTIB) tool to perform many of the basic red team functions without requiring the user to have in-depth knowledge of red teaming tools and techniques. This research has resulted in the prototype implementation of CARTT, the Cyber Automated Red Team Tool.
This thesis extended CARTT from its current stand-alone host-based implementation to include the ability to identify potential targets on a range network, communicate results to a command node, and respond to orders to attack from the command node. Redesigning the CARTT as a client/server system allows system administrators to access the tool remotely, affording increased cybersecurity throughout the Navy’s networks while reducing the cost of red teaming. Additionally, the client/server model mitigates the risk of having Metasploit and OpenVAS installed on machines throughout these target networks. A messaging system was implemented that facilitates a command and control channel between users.
Type
Thesis
Description
Series/Report No
NPS Outstanding Theses and Dissertations
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. distribution is unlimited
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.