Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License.

# Command and Control interface
This notebook shows how to interact with the simulation's command-and-control (C2) server to observe the environment and initiate actions on the nodes where the attacker client is installed.

In [9]:
# Standard library
import importlib

# Third-party
import networkx as nx
import plotly.offline as plo
from tabulate import tabulate

# CyberBattleSim simulation modules
import cyberbattle.simulation.actions as actions
import cyberbattle.simulation.commandcontrol as commandcontrol
import cyberbattle.simulation.model as model

# Reload the simulation modules so that edits made to their source files while
# the kernel is alive are picked up when this cell is re-run.
importlib.reload(model)
importlib.reload(actions)
importlib.reload(commandcontrol)

# connected=True makes the notebook load plotly.js from an online CDN rather
# than from the copy bundled with the installed plotly package, so rendering
# the plots needs outbound network access. In an isolated lab, connected=False
# keeps the notebook self-contained.
plo.init_notebook_mode(connected=True)

We first create a simulation environment from a randomly generated network graph.

In [10]:
# Build a random directed Erdős–Rényi graph with 35 nodes and edge probability
# 0.05, then let the simulation model attach random labels to it.
# No seed is passed, so the topology changes on every run and the node ids in
# the saved outputs (for example '17') will not match a fresh execution.
g = model.assign_random_labels(
    nx.erdos_renyi_graph(n=35, p=0.05, directed=True)
)

# The environment is created with an empty vulnerability library.
# NOTE(review): the attack tables printed further down list no local or remote
# attacks for the owned node; presumably that is a consequence of this empty
# library. Confirm against model.Environment.
env = model.Environment(
    network=g,
    vulnerability_library={},
    identifiers=model.SAMPLE_IDENTIFIERS,
)


We create the `CommandControl` object used to observe the environment and execute actions, and plot the graph explored so far.


In [11]:
# Attacker-side handle on the simulation: the cells below use `c` to list the
# discovered nodes, list the available attacks, run an attack and plot the
# explored part of the graph.
c = commandcontrol.CommandControl(env)

In [12]:
# Draw the part of the network that has been explored so far.
c.plot_nodes()

# Each entry returned by list_nodes() is a dict with an 'id' and a 'status'.
print(f"Nodes disovered so far: {c.list_nodes()}")

# Launch later attacks from the first node in the list, which the saved output
# shows as the only node and as 'owned'.
starting_node = c.list_nodes()[0]["id"]

Nodes disovered so far: [{'id': '17', 'status': 'owned'}]


For debugging purposes it is also convenient to view the internals of the environment via the `EnvironmentDebugging` object. For instance, we can use it to plot the entire graph, including nodes that the attacker has not discovered yet.

In [13]:
# Debugging view built on top of the CommandControl object. It exposes the
# environment's internals, i.e. ground truth beyond what the attacker has
# discovered, so anything read through `dbg` is not part of the attacker's
# observations. `dbg` is not used in the cells visible here.
dbg = commandcontrol.EnvironmentDebugging(c)

In [14]:
# Optional debugging output, left disabled: presumably plots the complete
# environment graph (not only the discovered part) and prints a summary of it.
# NOTE(review): nx.info was removed in NetworkX 3.0. Confirm the installed
# version before re-enabling the second line.
# env.plot_environment_graph()
# print(nx.info(env.network))

In [15]:
# One row per discovered node, with its properties and the local and remote
# attacks listed for it. With the empty dict as headers, the saved output shows
# the dict keys used as column titles.
print(tabulate(c.list_all_attacks(), headers={}))

  id  status    properties                                               local_attacks    remote_attacks
----  --------  -------------------------------------------------------  ---------------  ----------------
  17  owned     ['Windows', 'GuestAccountEnabled', 'Win10', 'Azure-VM']  []               []


In [16]:
# Try the 'RecentlyAccessedMachines' attack on the starting node.
# NOTE(review): the table printed just before lists no local attacks for this
# node, the saved notebook shows no output for this cell, and the node list
# printed afterwards is unchanged. Presumably the attack is unavailable in
# this environment and nothing is returned. Confirm.
outcome = c.run_attack(starting_node, "RecentlyAccessedMachines")

# Display the outcome as the cell result.
outcome

In [17]:
# Re-plot the discovered part of the network after the attack attempt to see
# whether any new node has appeared.
c.plot_nodes()

In [18]:
# Tabular view of the discovered nodes and their status. With the empty dict
# as headers, the saved output shows the dict keys used as column titles.
print(tabulate(c.list_nodes(), headers={}))

  id  status
----  --------
  17  owned


In [19]:
# List the attacks again after the attempt; comparing this table with the one
# printed before the attack shows whether anything new became available.
print(tabulate(c.list_all_attacks(), headers={}))

  id  status    properties                                               local_attacks    remote_attacks
----  --------  -------------------------------------------------------  ---------------  ----------------
  17  owned     ['Windows', 'GuestAccountEnabled', 'Win10', 'Azure-VM']  []               []
