Security lab with terraform deploying Velociraptor: PurpleCloud

[Jason Ostrom]

Hi Everyone,

I just released a new version of an Azure terraform security lab that automatically deploys Velociraptor.  It's called PurpleCloud and I wanted to share it with Velociraptor user community.  It's a python script that generates terraform for a Velociraptor server + endpoint configuration.  It uses terraform to generate the internal PKI that velociraptor needs, loading all of the self-signed certificates on the ubuntu velociraptor linux server and windows 10 pro endpoints.  It's built for Azure.  Auto-build as many AD users, Windows 10 Pro endpoints, domain joined, with users logged in with their domain creds running velociraptor for realistic adversary simulations.  It's implemented with Velociraptor 6.5.2.  I had issues a few weeks ago with the 0.6.6 RC candidate with the internal PKI so switched back to 6.5.2.

Here it is:

https://www.purplecloud.network

Here is the usage for the lab creating Velociraptor deployment:

https://www.purplecloud.network/tools/ad/

It's a nice tool if you want to simulate Velociraptor in a realistic Active Directory environment with AD users, windows 10 endpoints running Velociraptor.

Huge fan of Velociraptor!  Feel free to fork, clone, or re-use in other projects as a template.  It's MIT license and 100% permissive to re-use.

Jason

[Mike Cohen]

This is very cool! 

I think we should add a part to our website that references all the projects that integrate or make use of Velociraptor is some way

Thanks

Mike

Mike Cohen  Digital Paleontologist,  Velocidex Enterprises E mi...@velocidex.com

--
You received this message because you are subscribed to the Google Groups "velociraptor-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to velociraptor-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/CALYy5Lpbi8mKK-ycD4HfxTDf5VwV7zvc7ueK33sGd_CpQ-hgDQ%40mail.gmail.com.