File Hierarchy

//repository/engagement_name/0-admin
● Administrative event information: approved IP lists, ROE, briefings, etc.

//repository/engagement_name/1-osint
● Pre-event collected OSINT information

//repository/engagement_name/2-recon
● Reconnaissance information (DNS lookups, NMAP scans, eyewitness information, etc.)

//repository/engagement_name/3-targets
● Per-target specific information (local users, file trees, command output, etc.)
● Domain-specific information (DSQUERY, domain users, domain controllers, file shares)

//repository/engagement_name/3-targets/ip_hostname/exfil
● Per-target exfiltrated data (password files, user data, diagrams, etc.). There must be a separate folder per target (ip_hostname or URL).
● File servers must each have their own EXFIL folder and be treated as separate targets for the purpose of EXFIL.

//repository/engagement_name/4-screenshots
● Screenshots formatted as YYYYMMDD_HHMM_IP_Description.jpg/png must be stored here no matter their source. Host, guest, application, tool, and print-screen-generated screenshots must all be copied to this location.

//repository/engagement_name/5-payloads
● ALL payloads (EXEs, scripts, phishing emails) must be stored under the appropriate subdirectory and entered into the OPLOG.
● This allows the team to track all payloads that are created and pushed on a target network for later cleanup, deconfliction, etc.

//repository/engagement_name/6-logs
● Stores all exported logs in the appropriate directory.
● The final OPLOG is stored here (example //repository/engagement_name/6-logs/20190301_170100_OPLOGredteamconsole1.xls|csv|etc.).

//repository/engagement_name/6-logs/redteamconsole1
● Copy all logs to the appropriate Red system directory.
● Raw console data (example //repository/engagement_name/6-logs/redteamconsole1/20190308_151312_CDT.terminal.log.raw)
● Tool/application logs
● Daily OPLOGs are stored here (example //repository/engagement_name/6-logs/redteamconsole1/20190308_151820_OPLOG.xls|csv|etc.).

Example of the data repository file structure
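A repository audit for the conventions above, as an added example that is not part of the original text: it reports missing top-level directories, screenshots that do not follow YYYYMMDD_HHMM_IP_Description.jpg/png, and payload files left outside a subdirectory. The function names, the IPv4-only reading of the IP field, and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from datetime import datetime
from pathlib import Path

REQUIRED = ["0-admin", "1-osint", "2-recon", "3-targets",
            "4-screenshots", "5-payloads", "6-logs"]
# YYYYMMDD_HHMM_IP_Description.jpg/png; IPv4 is assumed for the IP field.
SHOT = re.compile(r"^(\d{8}_\d{4})_(\d{1,3}(?:\.\d{1,3}){3})_[^_].*\.(?:jpg|png)$")

def screenshot_ok(name):
    """True when the name follows the convention with a real date and IP."""
    m = SHOT.match(name)
    if not m:
        return False
    try:
        datetime.strptime(m.group(1), "%Y%m%d_%H%M")  # rejects month 13, Feb 31, 2460
    except ValueError:
        return False
    return all(int(octet) <= 255 for octet in m.group(2).split("."))

def audit(root):
    """Return a list of findings for one engagement directory."""
    root = Path(root)
    findings = [f"missing directory: {d}" for d in REQUIRED
                if not (root / d).is_dir()]
    shots = root / "4-screenshots"
    if shots.is_dir():
        findings += [f"bad screenshot name: {f.name}"
                     for f in sorted(shots.iterdir())
                     if f.is_file() and not screenshot_ok(f.name)]
    payloads = root / "5-payloads"
    if payloads.is_dir():
        # Payloads belong under a subdirectory, never loose at the top level.
        findings += [f"payload not in a subdirectory: {f.name}"
                     for f in sorted(payloads.iterdir()) if f.is_file()]
    return findings

def demo():
    """Audit a constructed sample tree (6-logs left out on purpose)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "engagement_name"
        for d in REQUIRED[:-1]:
            (root / d).mkdir(parents=True)
        for n in ["20190308_1513_10.0.0.5_login_page.png", "Screenshot 1.png",
                  "20191308_1513_10.0.0.5_share.jpg"]:
            (root / "4-screenshots" / n).touch()
        (root / "5-payloads" / "sample_payload.exe").touch()
        return audit(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Running `audit()` against the shared repository at the end of each operating day catches misfiled evidence while the operator still remembers where it came from.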