Rapid Attack Infrastructure (RAI)
Switch branches/tags
Nothing to show
Clone or download
Latest commit 6806388 Jul 9, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Update config.yml Feb 14, 2018
AttackServers Delete Dockerfile Feb 14, 2018
DockerSetup Update dockerSetup.sh Jun 6, 2018
GoPhish Update Dockerfile Jun 6, 2018
PhishingServer Update emailServer.sh Jun 6, 2018
Redirectors Update DNS.sh Jun 6, 2018
docs Add files via upload Jul 9, 2018
LICENSE Initial Commit Feb 12, 2018
README.md Update README.md Jul 9, 2018

README.md

Rapid Attack Infrastructure (RAI)

Red Team Infrastructure... Quick... Fast... Simplified

One of the most tedious phases of a Red Team Operation is usually the infrastructure setup. This usually entails
a teamserver or controller, domains, redirectors, and a Phishing server. Each of these have their own nuances when it comes to setup, but overall this setup process can take days. This process just seemed overly complex and time consuming. There are several issues that come to mind when considering how a painful and time consuming setup can impact a Red Team, but the most important thing to consider is: What if your domain(s) get burned and you need to spin up new infrastructure during the OP? Now if you're an internal Red Team this may not be an issue, but in the world of Red Team Consulting; time is money and could very well cost you your OP. With a RAI deployment, it can all be done in roughly ~1 hour. This includes everything from your Teamserver (CobaltStrike), redirectors to Phishing Servers with full DKIM, DMARC, SPF, etc.

Some of the major components of this infrastructure include:

  • CobaltStrike
  • Docker
  • GoPhish
  • NGINX
  • Postfix
  • IPTables
  • Openssl  

Core Development:

  • Keelyn Roberts [Twitter] @real_slacker007 -- [Web] ObscurityLabs
  • Alexander Rymdeko-Harvey [Twitter] @Killswitch-GUI -- [Web] ObscurityLabs

Special Thanks: