abaddon: make red team operations faster, more repeatable, stealthier
Abaddon
Red team operations involve miscellaneous skills, last several months and are politically sensitive; they require a lot of monitoring, consolidation and caution. Wavestone’s red team operations management software, Abaddon, has been designed to make red team operations faster, more repeatable and stealthier, while including value-added tools and bringing numerous reporting capabilities.
Because:
- There are tons of tools used by red teamers
- … but no free and open-source operation management software
- … and no aggregation between these tools, anyway
- … and “Operational security” failures are common
What did we want with Abaddon?
Abaddon aims at facilitating red team operations by:
- Reducing the time to build an infrastructure
- Enabling complex actions with 1 or 2 clicks
- Enabling easier reporting for long operations
- Reducing the “OPSEC failure” risk
The slides presenting Abaddon at RSAC2020 can be found here: (Abaddon, the red team angel)
What you can deploy
- Deployed within 30 minutes
- Throwable, authenticated, stealthy
- Enables phishing as well as remote command execution
Other features
- Reconnaissance: graphical interface to NMAP, Recon-NG, HunterIO, and Amass
- Weaponization: generation of obfuscated payloads (under development)
- Delivery: one- or two-click deployment of EC2 instances, Gophish, and a fully functional, stealthy and dockerized C&C infrastructure as shown above
- Exploitation & Post-Exploitation: ideas under development 🙂
- Reporting: a simple dashboard to follow your operations, ready but still under development
Install & Use
FIR – Cybersecurity incident management framework
Copyright (C) 2015 CERT Société Générale
Author
- Charles IBRAHIM (@Ibrahimous)