Calhoun: The NPS Institutional Archive DSpace Repository Theses and Dissertations 1. Thesis and Dissertation Collection, all items 2019-12 CYBER AUTOMATED RED TEAM TOOL Edwards, Preston L. Monterey, CA; Naval Postgraduate School http://hdl.handle.net/10945/64145 Downloaded from NPS Archive: Calhoun NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS CYBER AUTOMATED RED TEAM TOOL by Preston L. Edwards December 2019 Thesis Advisor: Gurminder Singh Co-Advisor: Alan B. Shaffer Approved for public release. Distribution is unlimited. THIS PAGE INTENTIONALLY LEFT BLANK Form Approved OMB REPORT DOCUMENTATION PAGE No. 0704-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington, DC 20503. 1. AGENCY USE ONLY 2. REPORT DATE 3. REPORT TYPE AND DATES COVERED (Leave blank) December 2019 Master's thesis 4. TITLE AND SUBTITLE 5. FUNDING NUMBERS CYBER AUTOMATED RED TEAM TOOL 6. AUTHOR(S) Preston L. Edwards 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING Naval Postgraduate School ORGANIZATION REPORT Monterey, CA 93943-5000 NUMBER 9. SPONSORING / MONITORING AGENCY NAME(S) AND 10. SPONSORING / ADDRESS(ES) MONITORING AGENCY N/A REPORT NUMBER 11. SUPPLEMENTARY NOTES The views expressed in this thesis are those of the author and do not reflect the official policy or position of the Department of Defense or the U.S. Government. 12a. DISTRIBUTION / AVAILABILITY STATEMENT 12b. DISTRIBUTION CODE Approved for public release. Distribution is unlimited. A 13. ABSTRACT (maximum 200 words) The Cyber Automated Red Team Tool (CARTT) is designed to address the shortage within the Department of Defense (DoD) of trained red teams that are able to conduct security assessments of cyber systems. CARTT, implemented in software, simulates the actions of a red team by automatically identifying and analyzing vulnerabilities in computer systems, and then exploiting those vulnerabilities with cyber-attack actions. It then presents the user with a summary of the results after it conducts its assessment. An ongoing project at NPS has developed the first version of a CARTT, which can conduct vulnerability assessments of computers. This research has extended the capability of the CARTT graphical user interface (GUI), and software to enable an operator to select and automatically execute scripted red team attacks against specified targets to achieve intended cyber effects. The automated nature of these attack scripts allows their use by operators who do not have extensive training in offensive cyber operations (OCO) or red teaming. 14. SUBJECT TERMS 15. NUMBER OF automation, CARTT, cyber, cyber automated red team tool, cyber physical systems, cyber PAGES security, cyber systems, offensive cyber operations, penetration testing, red teaming, 71 vulnerability assessment 16. PRICE CODE 17. SECURITY 18. SECURITY 19. SECURITY 20. LIMITATION OF CLASSIFICATION OF CLASSIFICATION OF THIS CLASSIFICATION OF ABSTRACT REPORT PAGE ABSTRACT Unclassified Unclassified Unclassified UU NSN 7540-01-280-5500 Standard Form 298 (Rev. 2-89) Prescribed by ANSI Std. 239-18 i THIS PAGE INTENTIONALLY LEFT BLANK ii Approved for public release. Distribution is unlimited. CYBER AUTOMATED RED TEAM TOOL Preston L. Edwards Lieutenant, United States Navy BS, University of Georgia, 1998 MBA, Hawaii Pacific University, 2011 Submitted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE IN COMPUTER SCIENCE from the NAVAL POSTGRADUATE SCHOOL December 2019 Approved by: Gurminder Singh Advisor Alan B. Shaffer Co-Advisor Peter J. Denning Chair, Department of Computer Science iii THIS PAGE INTENTIONALLY LEFT BLANK iv ABSTRACT The Cyber Automated Red Team Tool (CARTT) is designed to address the shortage within the Department of Defense (DoD) of trained red teams that are able to conduct security assessments of cyber systems. CARTT, implemented in software, simulates the actions of a red team by automatically identifying and analyzing vulnerabilities in computer systems, and then exploiting those vulnerabilities with cyber-attack actions. It then presents the user with a summary of the results after it conducts its assessment. An ongoing project at NPS has developed the first version of a CARTT, which can conduct vulnerability assessments of computers. This research has extended the capability of the CARTT graphical user interface (GUI), and software to enable an operator to select and automatically execute scripted red team attacks against specified targets to achieve intended cyber effects. The automated nature of these attack scripts allows their use by operators who do not have extensive training in offensive cyber operations (OCO) or red teaming. v THIS PAGE INTENTIONALLY LEFT BLANK vi TABLE OF CONTENTS I. INTRODUCTION..................................................................................................1 A. PROBLEM STATEMENT .......................................................................2 1. Primary Question ...........................................................................2 2. Secondary Question .......................................................................2 B. METHODOLOGY ....................................................................................3 C. SCOPE ........................................................................................................3 D. BENEFITS OF STUDY .............................................................................4 E. THESIS ORGANIZATION ......................................................................4 II. BACKGROUND ....................................................................................................7 A. CURRENT STATE OF DOD OPERATIONAL TESTING AND EVALUATION ..........................................................................................7 B. DEPARTMENT OF DEFENSE WEAPON SYSTEMS AND NETWORKS ..............................................................................................8 1. Complexity and Interoperability ..................................................8 2. Factors Affecting Cybersecurity ...................................................9 3. Access Interface Types ................................................................11 C. PENETRATION TESTING ...................................................................12 1. DoD Penetration Test Policy .......................................................13 D. RED TEAM TOOLS ...............................................................................14 1. Cobalt Strike.................................................................................14 2. Core Impact ..................................................................................15 3. Canvas ...........................................................................................16 4. Metasploit Framework ................................................................16 E. RELATED RESEARCH .........................................................................17 1. Penetration Testing in a Box .......................................................17 2. Automated Network Intrusion Process ......................................18 3. Automated Attack Model for Red Teams ..................................19 4. Automatic Executing Penetration Testing .................................21 5. Automated Penetration Testing Based on a Threat Model ......22 6. Efficiency and Effectiveness of Penetration Test Automation ...................................................................................22 F. CARTT ARCHITECTURE ....................................................................23 G. CHAPTER SUMMARY ..........................................................................23 III. DESIGN METHODOLOGY ..............................................................................25 A. TEST DESIGN .........................................................................................25 vii B. METASPLOIT FRAMEWORK ARCHITECTURE ..........................26 C. CARTT PROCESS FLOW .....................................................................26 D. CARTT GUI DESIGN .............................................................................28 E. CARTT GUI OPERATIONS .................................................................30 F. CHAPTER SUMMARY ..........................................................................37 IV. SYSTEM IMPLEMENTATION AND TESTING ...........................................39 A. IMPLEMENTATION AND SETUP ......................................................39 1. Backend Applications ..................................................................39 2. GUI Implementation ....................................................................40 B. SYSTEM TESTING ................................................................................41 C. RESULTS .................................................................................................45