diff --git a/src/primaite/notebooks/Command-&-Control-E2E-Demonstration.ipynb b/src/primaite/notebooks/Command-&-Control-E2E-Demonstration.ipynb index 7ee1c5cf..46fbe886 100644 --- a/src/primaite/notebooks/Command-&-Control-E2E-Demonstration.ipynb +++ b/src/primaite/notebooks/Command-&-Control-E2E-Demonstration.ipynb @@ -142,8 +142,15 @@ " keep_alive_frequency: 10\n", " masquerade_protocol: TCP\n", " masquerade_port: DNS\n", - "\n", - "\n", + " 8:\n", + " action: CONFIGURE_C2_BEACON\n", + " options:\n", + " node_id: 0\n", + " config:\n", + " c2_server_ip_address: 192.168.10.22\n", + " keep_alive_frequency:\n", + " masquerade_protocol:\n", + " masquerade_port:\n", "\n", " reward_function:\n", " reward_components:\n", @@ -202,14 +209,39 @@ "\n", "Before any C2 Server commands is able to accept any commands, it must first establish connection with a C2 beacon.\n", "\n", - "This can be done by installing, configuring and then executing a C2 Beacon. " + "A red agent is able to install, configure and establish a C2 beacon at any point of an episode. The code cells below demonstrate what actions and option parameters are needed to perform this." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ - "### **Command and Control** | C2 Beacon Actions | Installation" + "### **Command and Control** | C2 Beacon Actions | NODE_APPLICATION_INSTALL\n", + "\n", + "The custom proxy red agent defined at the start of this notebook has been configured to install the C2 Beacon as action ``1`` on it's action map. \n", + "\n", + "The below yaml snippet shows all the relevant agent options for this action:\n", + "\n", + "```yaml\n", + " action_space:\n", + " action_list:\n", + " ...\n", + " - type: NODE_APPLICATION_INSTALL\n", + " ...\n", + " options:\n", + " nodes: # Node List\n", + " - node_name: web_server\n", + " applications: \n", + " - application_name: C2Beacon\n", + " ...\n", + " ...\n", + " action_map:\n", + " 1:\n", + " action: NODE_APPLICATION_INSTALL \n", + " options:\n", + " node_id: 0 # Index 0 at the node list.\n", + " application_name: C2Beacon\n", + "```" ] }, { @@ -227,7 +259,35 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "### **Command and Control** | C2 Beacon Actions | Configuration" + "### **Command and Control** | C2 Beacon Actions | CONFIGURE_C2_BEACON \n", + "\n", + "The custom proxy red agent defined at the start of this notebook can configure the C2 Beacon via action ``2`` on it's action map. \n", + "\n", + "The below yaml snippet shows all the relevant agent options for this action:\n", + "\n", + "```yaml\n", + " action_space:\n", + " action_list:\n", + " ...\n", + " - type: CONFIGURE_C2_BEACON\n", + " ...\n", + " options:\n", + " nodes: # Node List\n", + " - node_name: web_server\n", + " ...\n", + " ...\n", + " action_map:\n", + " ...\n", + " 2:\n", + " action: CONFIGURE_C2_BEACON\n", + " options:\n", + " node_id: 0 # Node Index\n", + " config: # Further information about these config options can be found at the bottom of this notebook.\n", + " c2_server_ip_address: 192.168.10.21\n", + " keep_alive_frequency:\n", + " masquerade_protocol:\n", + " masquerade_port:\n", + "```" ] }, { @@ -246,7 +306,33 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "### **Command and Control** | C2 Beacon Actions | Establishing Connection" + "### **Command and Control** | C2 Beacon Actions | NODE_APPLICATION_EXECUTE\n", + "\n", + "The final action is ``NODE_APPLICATION_EXECUTE`` which is used to establish connection for the C2 application. This action can be called by the Red Agent via action ``3`` on it's action map. \n", + "\n", + "The below yaml snippet shows all the relevant agent options for this action:\n", + "\n", + "```yaml\n", + " action_space:\n", + " action_list:\n", + " ...\n", + " - type: NODE_APPLICATION_EXECUTE\n", + " ...\n", + " options:\n", + " nodes: # Node List\n", + " - node_name: web_server\n", + " applications: \n", + " - application_name: C2Beacon\n", + " ...\n", + " ...\n", + " action_map:\n", + " ...\n", + " 3:\n", + " action: NODE_APPLICATION_EXECUTE\n", + " options:\n", + " node_id: 0\n", + " application_id: 0\n", + "```" ] }, { @@ -272,14 +358,59 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "## **Command and Control** | C2 Server Actions" + "## **Command and Control** | C2 Server Actions\n", + "\n", + "Once the C2 suite has been successfully established, the C2 Server based actions become available to the Red Agent. \n", + "\n", + "\n", + "This next section will demonstrate the different actions that become available to a red agent after establishing C2 connection:" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ - "### **Command and Control** | C2 Server Actions | Executing Terminal Commands" + "### **Command and Control** | C2 Server Actions | C2_SERVER_TERMINAL_COMMAND\n", + "\n", + "The C2 Server's terminal action is indexed at ``4`` on the custom red agent action map. \n", + "\n", + "This action leverages the terminal service that is installed by default on all nodes to grant red agents a lot more configurability. If you're unfamiliar with terminals then it's recommended that you refer to the ``Terminal Processing`` notebook.\n", + "\n", + "It's worth noting that an additional benefit that a red agent has when using terminal via the C2 Server is that you can execute multiple commands in one action. \n", + "\n", + "In this notebook, the ``C2_SERVER_TERMINAL_COMMAND`` is used to install a RansomwareScript application on the ``web_server`` node.\n", + "\n", + "The below yaml snippet shows all the relevant agent options for this action:\n", + "\n", + "``` yaml\n", + " action_space:\n", + " action_list:\n", + " ...\n", + " - type: C2_SERVER_TERMINAL_COMMAND\n", + " ...\n", + " options:\n", + " nodes: # Node List\n", + " ...\n", + " - node_name: client_1\n", + " applications: \n", + " - application_name: C2Server\n", + " ...\n", + " action_map:\n", + " 4:\n", + " action: C2_SERVER_TERMINAL_COMMAND\n", + " options:\n", + " node_id: 1\n", + " ip_address:\n", + " account:\n", + " username: admin\n", + " password: admin\n", + " commands:\n", + " - \n", + " - software_manager\n", + " - application\n", + " - install\n", + " - RansomwareScript\n", + "```" ] }, { @@ -304,7 +435,36 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "### **Command and Control** | C2 Server Actions | Configuring Ransomware" + "### **Command and Control** | C2 Server Actions | C2_SERVER_RANSOMWARE_CONFIGURE\n", + "\n", + "Another action that the C2 Server grants is the ability for a Red Agent to configure ransomware via the C2 Server. \n", + "\n", + "This action is indexed as action ``5``.\n", + "\n", + "The below yaml snippet shows all the relevant agent options for this action:\n", + "\n", + "``` yaml\n", + " action_space:\n", + " action_list:\n", + " ...\n", + " - type: C2_SERVER_RANSOMWARE_CONFIGURE\n", + " ...\n", + " options:\n", + " nodes: # Node List\n", + " ...\n", + " - node_name: client_1\n", + " applications: \n", + " - application_name: C2Server\n", + " ...\n", + " action_map:\n", + " 5:\n", + " action: C2_SERVER_RANSOMWARE_CONFIG\n", + " options:\n", + " node_id: 1\n", + " config:\n", + " server_ip_address: 192.168.1.14\n", + " payload: ENCRYPT\n", + "```\n" ] }, { @@ -316,15 +476,6 @@ "env.step(5)" ] }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "env.step(6)" - ] - }, { "cell_type": "code", "execution_count": null, @@ -340,7 +491,33 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "### **Command and Control** | C2 Server Actions | Launching Ransomware" + "### **Command and Control** | C2 Server Actions | C2_SERVER_RANSOMWARE_LAUNCH\n", + "\n", + "Finally, currently the last action available is the ``C2_SERVER_RANSOMWARE_LAUNCH`` which quite simply launches the ransomware script installed on the same node as the C2 beacon.\n", + "\n", + "This action is indexed as action ``6``.\n", + "\n", + "The below yaml snippet shows all the relevant agent options for this actio\n", + "\n", + "``` yaml\n", + " action_space:\n", + " action_list:\n", + " ...\n", + " - type: C2_SERVER_RANSOMWARE_LAUNCH\n", + " ...\n", + " options:\n", + " nodes: # Node List\n", + " ...\n", + " - node_name: client_1\n", + " applications: \n", + " - application_name: C2Server\n", + " ...\n", + " action_map:\n", + " 6:\n", + " action: C2_SERVER_RANSOMWARE_LAUNCH\n", + " options:\n", + " node_id: 1\n", + "```\n" ] }, { @@ -407,7 +584,7 @@ " num_applications: 2\n", " num_folders: 1\n", " num_files: 1\n", - " num_nics: 0\n", + " num_nics: 1\n", " include_num_access: false\n", " include_nmne: false\n", " monitored_traffic:\n", @@ -415,16 +592,26 @@ " - NONE\n", " tcp:\n", " - HTTP\n", + " - DNS\n", + " - FTP\n", " routers:\n", " - hostname: router_1\n", - " num_ports: 1\n", + " num_ports: 3\n", " ip_list:\n", - " - 192.168.10.21\n", + " - 192.168.1.10\n", " - 192.168.1.12\n", + " - 192.168.1.14\n", + " - 192.168.1.16\n", + " - 192.168.1.110\n", + " - 192.168.10.21\n", + " - 192.168.10.22\n", + " - 192.168.10.110\n", " wildcard_list:\n", " - 0.0.0.1\n", " port_list:\n", " - 80\n", + " - 53\n", + " - 21\n", " protocol_list:\n", " - ICMP\n", " - TCP\n", @@ -776,7 +963,7 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "The code cell below uses the custom blue agent defined at the start of this section perform NODE_APPLICATION_REMOVE on the C2 beacon" + "The code cell below uses the custom blue agent defined at the start of this section perform a NODE_APPLICATION_REMOVE on the C2 beacon:" ] }, { @@ -1059,20 +1246,57 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "## **Command and Control** | C2 Beacon Actions\n", + "## **Command and Control** | Configurability \n", "\n", - "Before any C2 Server commands is able to accept any commands, it must first establish connection with a C2 beacon.\n", - "\n", - "This can be done by installing, configuring and then executing a C2 Beacon. " + "This section of the notebook demonstrates the C2 configuration options and their impact on the simulation layer and the game layer." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ - "## **Command and Control** | Configurability \n", + "The table below is the currently offered C2 Beacon configuration options:\n", "\n", - "TODO: Fleshout" + "|Configuration Option | Option Meaning |Default Option | Type | _Optional_ |\n", + "|---------------------|---------------------------------------------------------------------------|---------------|---------|------------|\n", + "|c2_server_ip_address | The IP Address of the C2 Server. (The C2 Server must be running) |_None_ |str (IP) | _No_ |\n", + "|keep_alive_frequency | How often should the C2 Beacon confirm it's connection in timesteps. |5 |Int | _Yes_ |\n", + "|masquerade_port | What port should the C2 traffic use? (TCP or UDP) |TCP |Str | _Yes_ |\n", + "|masquerade_protocol | What protocol should the C2 traffic masquerade as? (HTTP, FTP or DNS) |HTTP |Str | _Yes_ |\n", + "\n", + "The C2 Server currently does not offer any unique configuration options. The C2 Server aligns itself with the C2 Beacon's configuration options once connection is established." + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "As demonstrated earlier, red agents can use the ``CONFIGURE_C2_BEACON`` action to configure these settings mid episode through the configuration options:\n", + "\n", + "``` YAML\n", + "...\n", + " action: CONFIGURE_C2_BEACON\n", + " options:\n", + " node_id: 0\n", + " config:\n", + " c2_server_ip_address: 192.168.10.21\n", + " keep_alive_frequency: 10\n", + " masquerade_protocol: TCP\n", + " masquerade_port: DNS\n", + "```" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### **Command and Control** | Configurability | C2 Server IP Address\n", + "\n", + "As with a majority of client and server based application configuration in primaite, the remote IP of server must be supplied.\n", + "\n", + "In the case of the C2 Beacon, the C2 Server's IP must be supplied before the C2 beacon will be able to perform any other actions (including ``APPLICATION EXECUTE``).\n", + "\n", + "If the network contains multiple C2 Servers then it's also possible to switch to different C2 servers mid episode which is demonstrated in the below code cells." ] }, { @@ -1095,73 +1319,7 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "Installing the C2 Server" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "client_1: Computer = c2_config_env.game.simulation.network.get_node_by_hostname(\"client_1\")\n", - "client_1.software_manager.install(C2Server)\n", - "c2_server: C2Server = client_1.software_manager.software[\"C2Server\"]\n", - "c2_server.run()\n", - "client_1.software_manager.show()" - ] - }, - { - "cell_type": "markdown", - "metadata": {}, - "source": [ - "Installing the C2 Beacon via NODE_APPLICATION_INSTALL" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "c2_config_env.step(1)" - ] - }, - { - "cell_type": "markdown", - "metadata": {}, - "source": [ - "Configuring the C2 Beacon using different parameters:\n", - "\n", - "``` yaml\n", - " action: CONFIGURE_C2_BEACON\n", - " options:\n", - " node_id: 0\n", - " config:\n", - " c2_server_ip_address: 192.168.10.21\n", - " keep_alive_frequency: 10\n", - " masquerade_protocol: TCP\n", - " masquerade_port: DNS\n", - "```" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "c2_config_env.step(7)" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "# Establishing connection to the C2 Server.\n", - "c2_config_env.step(3)" + "Installing the C2 Server on both client 1 and client 2." ] }, { @@ -1171,9 +1329,286 @@ "outputs": [], "source": [ "web_server: Server = c2_config_env.game.simulation.network.get_node_by_hostname(\"web_server\")\n", + "web_server.software_manager.install(C2Beacon)\n", "c2_beacon: C2Beacon = web_server.software_manager.software[\"C2Beacon\"]\n", + "\n", + "client_1: Computer = c2_config_env.game.simulation.network.get_node_by_hostname(\"client_1\")\n", + "client_1.software_manager.install(C2Server)\n", + "c2_server_1: C2Server = client_1.software_manager.software[\"C2Server\"]\n", + "c2_server_1.run()\n", + "\n", + "client_2: Computer = c2_config_env.game.simulation.network.get_node_by_hostname(\"client_2\")\n", + "client_2.software_manager.install(C2Server)\n", + "c2_server_2: C2Server = client_2.software_manager.software[\"C2Server\"]\n", + "c2_server_2.run()" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Configuring the C2 Beacon to establish connection to the C2 Server on client_1 (192.168.10.21)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "env.step(2) # Agent Action Equivalent to c2_beacon.configure(c2_server_ip_address=\"192.168.10.21\")\n", + "env.step(3) # Agent action Equivalent to c2_beacon.establish()\n", "c2_beacon.show()\n", - "c2_server.show()" + "c2_server_1.show()" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Now reconfiguring the C2 Beacon to establish connection to the C2 Server on client_2 (192.168.10.22)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "env.step(8) # Equivalent of to c2_beacon.configure(c2_server_ip_address=\"192.168.10.22\")\n", + "env.step(3)\n", + "\n", + "c2_beacon.show()\n", + "c2_server_2.show()" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "After six timesteps the client_1 server will recognise the c2 beacon previous connection as dead and clear it's connections. (This is dependant o the ``Keep Alive Frequency`` setting.)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "for i in range(6):\n", + " env.step(0)\n", + " \n", + "c2_server_1.show()" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### **Command and Control** | Configurability | Keep Alive Frequency\n", + "\n", + "In order to confirm it's connection the C2 Beacon will send out a ``Keep Alive`` to the C2 Server and receive a keep alive back. \n", + "\n", + "By default, this occurs at a rate of 5 timesteps. However, this setting can be configured to be much more infrequent or as frequent as every timestep. \n", + "\n", + "The next set of code cells below demonstrate the impact that this setting has on blue agent observation space." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "with open(data_manipulation_config_path()) as f:\n", + " cfg = yaml.safe_load(f)\n", + " # removing all agents & adding the custom agent.\n", + " cfg['agents'] = {}\n", + " cfg['agents'] = custom_blue\n", + " cfg['agents'][0]['observation_space']['options']['components'][0]['options']['num_ports'] = 3\n", + " cfg['agents'][0]['observation_space']['options']['components'][0]['options']['monitored_traffic'].update({\"tcp\": [\"HTTP\",\"FTP\"]})\n", + " cfg['agents'][0]['observation_space']['options']['components'][0]['options']['monitored_traffic'].update({\"udp\": [\"DNS\"]})\n", + "\n", + "blue_config_env = PrimaiteGymEnv(env_config=cfg)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Performing the usual c2 setup:\n", + "blue_config_env, c2_server, c2_beacon, client_1, web_server = c2_setup(given_env=blue_config_env)\n", + "\n", + "# Flushing out the OBS impacts from setting up the C2 suite.\n", + "blue_config_env.step(0)\n", + "blue_config_env.step(0)\n", + "\n", + "# Capturing the 'default' obs (Post C2 installation and configuration):\n", + "default_obs, _, _, _, _ = blue_config_env.step(0)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "The next code cells capture the obs impact of the default Keep Alive Frequency which is 5 timesteps:" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "c2_beacon.configure(c2_server_ip_address=\"192.168.10.21\")\n", + "c2_beacon.establish()\n", + "c2_beacon.show()" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "The code cell below goes through 10 timesteps and displays the differences between the default and the current timestep.\n", + "\n", + "You will notice that the only observation space differences after 10 timesteps. This is due to the C2 Suite confirming their connection through sending ``Keep Alive`` traffic across the network." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "for i in range(10):\n", + " keep_alive_obs, _, _, _, _ = blue_config_env.step(0)\n", + " display_obs_diffs(default_obs, keep_alive_obs, blue_config_env.game.step_counter)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Next, the code cells below configuring the C2 Beacon's Keep Alive Frequency to confirm connection on every timestep." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "c2_beacon.configure(c2_server_ip_address=\"192.168.10.21\", keep_alive_frequency=1)\n", + "c2_beacon.establish()\n", + "c2_beacon.show()" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "The code cells below demonstrate that the observation impacts of the Keep Alive can be seen on every timestep. " + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Comparing the OBS of the default frequency to a timestep frequency of 1 \n", + "for i in range(2):\n", + " keep_alive_obs, _, _, _, _ = blue_config_env.step(0)\n", + " display_obs_diffs(default_obs, keep_alive_obs, blue_config_env.game.step_counter)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### **Command and Control** | Configurability | Masquerade Port & Masquerade Protocol\n", + "\n", + "The final configurable options are ``Masquerade Port`` & ``Masquerade Protocol``. These options can be used to control what networking IP Protocol and Port the C2 traffic is currently using.\n", + "\n", + "In the real world, Adversaries take defensive steps to reduce the chance that an installed C2 Beacon is discovered. One of the most commonly used methods is to masquerade c2 traffic as other commonly used networking protocols.\n", + "\n", + "In primAITE, red agents can begin to simulate stealth behaviour by configuring C2 traffic to use different protocols mid episode or between episodes. \n", + "Currently, red agent actions are limited to using ports: ``DNS``, ``FTP`` and ``HTTP`` and protocols: ``UDP`` and ``TCP``.\n", + "\n", + "The next set of code cells will demonstrate the impact this option from a blue agent perspective." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "blue_config_env.reset()\n", + "\n", + "# Performing the usual c2 setup:\n", + "blue_config_env, c2_server, c2_beacon, client_1, web_server = c2_setup(given_env=blue_config_env)\n", + "\n", + "blue_config_env.step(0)\n", + "\n", + "# Capturing the 'default' obs (Post C2 installation and configuration):\n", + "default_obs, _, _, _, _ = blue_config_env.step(0)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "By default, the C2 suite will masquerade a Web Browser, meaning C2 Traffic will opt to use ``TCP`` and ``HTTP`` (Port 80):" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Capturing default C2 Traffic \n", + "for i in range(3):\n", + " tcp_c2_obs, _, _, _, _ = blue_config_env.step(0)\n", + "\n", + "display_obs_diffs(default_obs, tcp_c2_obs, blue_config_env.game.step_counter)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "However, C2 Beacon can be configured to use UDP (``Masquerade Protocol``) and we can also configure the C2 Beacon to use a different Port (``Masquerade Port``) for example ``DNS``. " + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from primaite.simulator.network.transmission.network_layer import IPProtocol\n", + "from primaite.simulator.network.transmission.transport_layer import Port\n", + "# As we're configuring via the PrimAITE API we need to pass the actual IPProtocol/Port (Agents leverage the simulation via the game layer and thus can pass strings).\n", + "c2_beacon.configure(c2_server_ip_address=\"192.168.10.21\", masquerade_protocol=IPProtocol.UDP, masquerade_port=Port.DNS)\n", + "c2_beacon.establish()\n", + "c2_beacon.show()" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Capturing UDP C2 Traffic\n", + "for i in range(5):\n", + " udp_c2_obs, _, _, _, _ = blue_config_env.step(0)\n", + "\n", + "display_obs_diffs(tcp_c2_obs, udp_c2_obs, blue_config_env.game.step_counter)" ] } ], diff --git a/src/primaite/simulator/system/applications/red_applications/c2/abstract_c2.py b/src/primaite/simulator/system/applications/red_applications/c2/abstract_c2.py index f5fb0929..2a3e78bb 100644 --- a/src/primaite/simulator/system/applications/red_applications/c2/abstract_c2.py +++ b/src/primaite/simulator/system/applications/red_applications/c2/abstract_c2.py @@ -27,8 +27,6 @@ class C2Command(Enum): TERMINAL = "Terminal" "Instructs the c2 beacon to execute the provided terminal command." - # The terminal command should also be able to pass a session which can be used for remote connections. - class C2Payload(Enum): """Represents the different types of command and control payloads."""