The ZeroToImpact Project: Simulate, understand, and mitigate cybersecurity threats from inception to impact.
An interactive, web-based educational platform meticulously crafted to emulate cyberattacks across cloud environments, providing a comprehensive understanding of attack methodologies and defense strategies. Featuring a seamless one-click attack initiation, our dedicated application delivers a user-friendly, hands-on learning experience tailored to attack emulation, empowering users to explore, simulate, and analyze cyber threats from inception to resolution.
1. Install Node.js, Python, and AWS CLI: If not already installed, download and install Node.js, Python, AWS CLI
2. Navigate to the application directory:
cd .\zerotoimpact\3. Create a Python Virtual Environment:
python3 -m venv .venv4. Activate the Virtual Environment:
Windows
.venv/Scripts/activateLinux
source .venv/bin/activate5. Install Dependencies:
npm install6. Set Enviroment Variable:
AWS Profile Permissions The AWS profile requires AdministratorAccess permission to deploy the vulnerable infrastructure. However, the profile will not be used to execute the attacks
Windows
$env:AWS_DEFAULT_PROFILE="your_aws_profile_to_use"Linux
export AWS_DEFAULT_PROFILE="your_aws_profile_to_use"7. Run the Development Server:
npm run dev8. Access the Application: Open http://localhost:3000 in your browser to access the application.
Note: The Flask server will be running on http://127.0.0.1:5328 – feel free to change the port in package.json' (you'll also need to update it in 'next.config.js').
-
Explore Attack Scenarios: Use the interactive interface to explore different attack scenarios categorized by MITRE ATT&CK tactics.
-
Analyze Attack Paths: Analyze the progression of attacks from initial compromise to lateral movement and exfiltration.
-
Mitigate Attacks: Implement mitigation strategies based on the insights gained from analyzing attack paths.
If an error occurs, the application's Activity Log section will notify you and may suggest destroying resources created during the attack. It's crucial to remove these resources to avoid unnecessary charges and because you must destroy the resources before rerunning the attack with the same username.
Important: Before destroying resources, navigate to the application directory and retrieve the logs from the current application run. Destroying resources through the application also wipes out these logs.
Logs can be found in the api/{attack_emulation}/instances directory as a JSON file.
For example, logs generated during the 'IAM Policy Rollback to S3 Ransomware via KMS key' attack emulation are located in the api/policy_ransom_exploit/instances directory.
Maintainer: @alexgroyz
If you found this tool useful, want to share an interesting use-case, bring issues to attention, whatever the reason - share them. You can email at: agroyz@vectra.ai.