Adversary Mode in Caldera 2.x #1971
Hey there! I've been exploring Caldera as an automated adversary emulation tool. At first I was interested by the ability of Caldera to plan by "looking ahead" and choosing the action with the best finite-horizon reward. As it seems, this is not the case anymore since Caldera 2.0, and although the adversary plugin can bring this mode into Caldera 2.0, it seems that it only works on Windows. I was interested in a solution that works on all platforms. Are there any plans to implement adversary mode in Caldera 2.x such that it works not only on Windows but on any other platform as well? If not, how could this be done? For example, could one build a custom planner for stockpile that can "look ahead"? What do you think would be the best approach? Thank you
Replies: 1 comment
Hey Pedro,
Thanks for posting this, and awesome to hear you're interested in some of the planning aspects for CALDERA.
You're indeed right that we no longer are shipping with the finite lookahead planner -- our default planner now is much more simple, and just executes actions in sequence. We do have plans to release a similar lookahead planner in the future, but these have been slightly delayed due to our recent planner refactor.
That said, you could definitely build one on your own, either leveraging our old approach or trying to put in a new one. Our readthedocs pages have some good resources for getting started:
On the second link, you can read a little about parsers: these are effectively modern CALDERA's treatment of postconditions. We don't have a good page on it, but we have similar definitions for "requirements" that match the syntax of parsers.
On the third link, you can see we have stubs in place for objectives + goals -- these are useful if you're going to put a new planner together, but aren't really used by our current planners.
On the last link, you'll see one of the bigger differences between CALDERA today and what we had in adversary mode: the use of "buckets." These buckets allow you to bin techniques together, and effectively allow you to construct simple state machines. While this is to some extent more simplistic than the lookahead planner, it does open doors for new planning paradigms, and possibly better orchestration of larger buckets of tests.
My recommendation would be to try first playing with creating your own bucket-style planner, and then diving more into facts, variables, relationships, and parsers to build out one that does a lookahead search.
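The finite-horizon lookahead discussed in this thread, as an added sketch that is not part of the original posts and is not CALDERA code: it models requirements as fact traits an ability needs and parsers as fact traits it would produce, then picks the first step of the highest-reward sequence within the horizon. It does not call the CALDERA planner API; the ability names, fact traits and reward values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ability:
    name: str
    requires: frozenset  # fact traits that must already be known (requirements)
    produces: frozenset  # fact traits its parser would add (postconditions)
    reward: float        # constructed score, not a CALDERA value


def best_plan(facts, abilities, horizon):
    """Return (total_reward, [names]) for the best sequence of <= horizon steps."""
    if horizon == 0:
        return 0.0, []
    best = (0.0, [])
    for ab in abilities:
        if not ab.requires <= facts:
            continue  # requirement not met with the facts known so far
        rest = [a for a in abilities if a is not ab]  # each ability runs once
        value, tail = best_plan(facts | ab.produces, rest, horizon - 1)
        if ab.reward + value > best[0]:
            best = (ab.reward + value, [ab.name] + tail)
    return best


def next_action(facts, abilities, horizon):
    """Name of the ability to run now, or None if nothing is runnable."""
    _, plan = best_plan(frozenset(facts), abilities, horizon)
    return plan[0] if plan else None


# Constructed sample abilities (hypothetical names and traits).
ABILITIES = [
    Ability("find_local_files", frozenset(), frozenset({"host.file.path"}), 2),
    Ability("discover_remote_hosts", frozenset(), frozenset({"remote.host.fqdn"}), 1),
    Ability("check_remote_share", frozenset({"remote.host.fqdn"}),
            frozenset({"remote.share"}), 5),
]

if __name__ == "__main__":
    # Horizon 1 is greedy; horizon 2 sees that discovery unlocks a better step.
    for h in (1, 2, 3):
        print(h, next_action(set(), ABILITIES, h), best_plan(frozenset(), ABILITIES, h))
```

With a horizon of 1 the search behaves greedily, while a horizon of 2 chooses the lower-reward discovery step first because the fact it produces satisfies the requirement of a higher-reward ability.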