mitre-attack / attack-arsenal

A collection of red team and adversary emulation resources developed and released by MITRE.
Apache License 2.0

APT 29 Setup step for CALDERA DIY #29

Closed leonardogavaudan closed 3 years ago

leonardogavaudan commented 3 years ago

Hi,

I was trying to follow the installation steps given to reproduce the APT 29 attack. I'm currently on macOS Big Sur version 11.2.1 and running a zsh shell, although that shouldn't be a problem given that the script interpreters use /bin/bash. Go version: go version go1.16.2 darwin/amd64. Python version: Python 3.7.7.

One of setup instructions is to update appropriately ./data/sources/4fb34bde-b06d-445a-a146-8e35f79ce546.yml:

Next, update the CALDERA facts located here ./data/sources/4fb34bde-b06d-445a-a146-8e35f79ce546.yml with the appropriate values for your environment. Keys to update include:

This file comes from the CALDERA_DIY/evals/data/sources/ folder which we copy into our caldera folder with this command:

cp -R attack-arsenal/adversary_emulation/APT29/CALDERA_DIY/evals caldera/plugins/

Here we're copying the evals folder into caldera/plugins.

I'm a bit confused as to whether we want to copy the file /caldera/plugins/evals/data/sources/4fb34bde-b06d-445a-a146-8e35f79ce546.yml to /caldera/data/sources/ and then edit it appropriately, or leave the file in /caldera/plugins/evals/data/sources/ and edit it there.

Hope this helps! Thanks in advance for your help and time. Please let me know if you need anything else.

Leonardo

jcwilliamsATmitre commented 3 years ago

@leonardogavaudan good catch! Yes, the file to edit should be the version copied over to CALDERA; the original path was that of the repo.