Red Baron: creating resilient, disposable, secure & agile infrastructure for Red Teams

Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams.

During Red Team assessments, infrastructure creation and management can be a huge time sink. This project tries to alleviate this by attempting to automate some (if not all) aspects by providing a set of modules and example configurations: testers can pick & choose the infrastructure to be created and configure it to their needs. Additionally, thanks to the taint Terraform command, burned infrastructure can be re-created in a matter of minutes.

Installation

Red Baron only supports Terraform version 0.10.0 or newer and will only work on Linux x64 systems.

  1. Clone the repository and cd into the directory:
    #~ git clone https://github.com/Coalfire-Research/Red-Baron && cd Red-Baron

     

  2. Create environment variables with the appropriate API Keys
    #~ export AWS_ACCESS_KEY_ID="accesskey"
    #~ export AWS_SECRET_ACCESS_KEY="secretkey"
    #~ export AWS_DEFAULT_REGION="us-east-1"
    #~ export LINODE_API_KEY="apikey"
    #~ export GODADDY_API_KEY="gdkey"
    #~ export GODADDY_API_SECRET="gdsecret"

     

  3. Copy an infrastructure configuration file from the examples folder to the root directory and modify it to your needs
    #~ cp examples/complete_c2.tf .

     

  4. Initialize terraform plugins, make sure everything looks ok, finally create the infrastructure
    #~ terraform init
    #~ terraform plan
    #~ terraform apply

     

Google Cloud Compute

Google Cloud Compute requires creating a project under the Google Cloud console.

  • Create a project, generate a service key, and download the json file to the google_keys dir.
  • Modify the variable.tf and main.tf files to reference your service account key json file and your project-id.
  • Set up firewall rules in the Google Cloud Console: Settings -> VPC network -> Firewall rules. Create a new rule:
    network=default, priority=1, direction=ingress, action on match=allow, ip-range=0.0.0.0/24, protocols:ports=tcp:22,tcp:80,tcp:443

     

Tutorial

Share