CSAF - Cyber Security Awareness Framework

By: Zion3R

The Cyber Security Awareness Framework (CSAF) is a structured approach aimed at enhancing Cybersecurity" title="Cybersecurity">cybersecurity awareness and understanding among individuals, organizations, and communities. It provides guidance for the development of effective Cybersecurity" title="Cybersecurity">cybersecurity awareness programs, covering key areas such as assessing awareness needs, creating educational m aterials, conducting training and simulations, implementing communication campaigns, and measuring awareness levels. By adopting this framework, organizations can foster a robust security culture, enhance their ability to detect and respond to cyber threats, and mitigate the risks associated with attacks and security breaches.

Requirements

Software

Docker
Docker-compose

Hardware

Minimum

4 Core CPU
10GB RAM
60GB Disk free

Recommendation

8 Core CPU or above
16GB RAM or above
100GB Disk free or above

Installation

Clone the repository

git clone https://github.com/csalab-id/csaf.git

Navigate to the project directory

cd csaf

Pull the Docker images

docker-compose --profile=all pull

Generate wazuh ssl certificate

docker-compose -f generate-indexer-certs.yml run --rm generator

For security reason you should set env like this first

export ATTACK_PASS=ChangeMePlease
export DEFENSE_PASS=ChangeMePlease
export MONITOR_PASS=ChangeMePlease
export SPLUNK_PASS=ChangeMePlease
export GOPHISH_PASS=ChangeMePlease
export MAIL_PASS=ChangeMePlease
export PURPLEOPS_PASS=ChangeMePlease

Start all the containers

docker-compose --profile=all up -d

You can run specific profiles for running specific labs with the following profiles - all - attackdefenselab - phisinglab - breachlab - soclab

For example

docker-compose --profile=attackdefenselab up -d

Proof

Exposed Ports

An exposed port can be accessed using a proxy socks5 client, SSH client, or HTTP client. Choose one for the best experience.

Port 6080 (Access to attack network)
Port 7080 (Access to defense network)
Port 8080 (Access to monitor network)

Example usage

Access internal network with proxy socks5

curl --proxy socks5://ipaddress:6080 http://10.0.0.100/vnc.html
curl --proxy socks5://ipaddress:7080 http://10.0.1.101/vnc.html
curl --proxy socks5://ipaddress:8080 http://10.0.3.102/vnc.html

Remote ssh with ssh client

ssh kali@ipaddress -p 6080 (default password: attackpassword)
ssh kali@ipaddress -p 7080 (default password: defensepassword)
ssh kali@ipaddress -p 8080 (default password: monitorpassword)

Access kali linux desktop with curl / browser

curl http://ipaddress:6080/vnc.html
curl http://ipaddress:7080/vnc.html
curl http://ipaddress:8080/vnc.html

Domain Access

http://attack.lab/vnc.html (default password: attackpassword)
http://defense.lab/vnc.html (default password: defensepassword)
http://monitor.lab/vnc.html (default password: monitorpassword)
https://gophish.lab:3333/ (default username: admin, default password: gophishpassword)
https://server.lab/ (default username: postmaster@server.lab, default passowrd: mailpassword)
https://server.lab/iredadmin/ (default username: postmaster@server.lab, default passowrd: mailpassword)
https://mail.server.lab/ (default username: postmaster@server.lab, default passowrd: mailpassword)
https://mail.server.lab/iredadmin/ (default username: postmaster@server.lab, default passowrd: mailpassword)
http://phising.lab/
http://10.0.0.200:8081/
http://gitea.lab/ (default username: csalab, default password: giteapassword)
http://dvwa.lab/ (default username: admin, default passowrd: password)
http://dvwa-monitor.lab/ (default username: admin, default passowrd: password)
http://dvwa-modsecurity.lab/ (default username: admin, default passowrd: password)
http://wackopicko.lab/
http://juiceshop.lab/
https://wazuh-indexer.lab:9200/ (default username: admin, default passowrd: SecretPassword)
https://wazuh-manager.lab/
https://wazuh-dashboard.lab:5601/ (default username: admin, default passowrd: SecretPassword)
http://splunk.lab/ (default username: admin, default password: splunkpassword)
https://infectionmonkey.lab:5000/
http://purpleops.lab/ (default username: admin@purpleops.com, default password: purpleopspassword)
http://caldera.lab/ (default username: red/blue, default password: calderapassword)

Network / IP Address

Attack

10.0.0.100 attack.lab
10.0.0.200 phising.lab
10.0.0.201 server.lab
10.0.0.201 mail.server.lab
10.0.0.202 gophish.lab
10.0.0.110 infectionmonkey.lab
10.0.0.111 mongodb.lab
10.0.0.112 purpleops.lab
10.0.0.113 caldera.lab

Defense

10.0.1.101 defense.lab
10.0.1.10 dvwa.lab
10.0.1.13 wackopicko.lab
10.0.1.14 juiceshop.lab
10.0.1.20 gitea.lab
10.0.1.110 infectionmonkey.lab
10.0.1.112 purpleops.lab
10.0.1.113 caldera.lab

Monitor

10.0.3.201 server.lab
10.0.3.201 mail.server.lab
10.0.3.9 mariadb.lab
10.0.3.10 dvwa.lab
10.0.3.11 dvwa-monitor.lab
10.0.3.12 dvwa-modsecurity.lab
10.0.3.102 monitor.lab
10.0.3.30 wazuh-manager.lab
10.0.3.31 wazuh-indexer.lab
10.0.3.32 wazuh-dashboard.lab
10.0.3.40 splunk.lab

Public

10.0.2.101 defense.lab
10.0.2.13 wackopicko.lab

Internet

10.0.4.102 monitor.lab
10.0.4.30 wazuh-manager.lab
10.0.4.32 wazuh-dashboard.lab
10.0.4.40 splunk.lab

Internal

10.0.5.100 attack.lab
10.0.5.12 dvwa-modsecurity.lab
10.0.5.13 wackopicko.lab

License

This Docker Compose application is released under the MIT License. See the LICENSE file for details.

Download Csaf

The Hacker News
Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity
February 9^th 2024 at 07:40

Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity

By: The Hacker News

Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and

The Hacker News
Building a Robust Threat Intelligence with Wazuh
December 7^th 2023 at 10:51

Building a Robust Threat Intelligence with Wazuh

By: The Hacker News

Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthening security. It enables organizations to gain a comprehensive insight into historical, present, and anticipated threats, providing context about the constantly evolving threat landscape. Importance of threat intelligence in the cybersecurity ecosystem

The Hacker News
Protecting your IT infrastructure with Security Configuration Assessment (SCA)
October 3^rd 2023 at 11:48

Protecting your IT infrastructure with Security Configuration Assessment (SCA)

By: The Hacker News

Security Configuration Assessment (SCA) is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain unauthorized access to systems and data. Regular security configuration assessments are essential in maintaining a secure and compliant environment, as this minimizes the risk of cyber attacks. The

The Hacker News
Enhancing Security Operations Using Wazuh: Open Source XDR and SIEM
August 7^th 2023 at 10:30

Enhancing Security Operations Using Wazuh: Open Source XDR and SIEM

By: The Hacker News

In today's interconnected world, evolving security solutions to meet growing demand is more critical than ever. Collaboration across multiple solutions for intelligence gathering and information sharing is indispensable. The idea of multiple-source intelligence gathering stems from the concept that threats are rarely isolated. Hence, their detection and prevention require a comprehensive

🏷️ My labels
- ❌
Article tags
August 7^th 2023 at 10:30

The Hacker News
How Wazuh Improves IT Hygiene for Cyber Security Resilience
June 1^st 2023 at 11:54

How Wazuh Improves IT Hygiene for Cyber Security Resilience

By: The Hacker News

IT hygiene is a security best practice that ensures that digital assets in an organization's environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility into the activities occurring in an environment. As technology advances and the tools used by

The Hacker News
Protecting your business with Wazuh: The open source security platform
April 10^th 2023 at 09:27

Protecting your business with Wazuh: The open source security platform

By: The Hacker News

Today, businesses face a variety of security challenges like cyber attacks, compliance requirements, and endpoint security administration. The threat landscape constantly evolves, and it can be overwhelming for businesses to keep up with the latest security trends. Security teams use processes and security solutions to curb these challenges. These solutions include firewalls, antiviruses, data

The Hacker News
Auditing Kubernetes with Open Source SIEM and XDR
February 1^st 2023 at 09:29

Auditing Kubernetes with Open Source SIEM and XDR

By: The Hacker News

Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in

🏷️ My labels
- ❌
Article tags
February 1^st 2023 at 09:29

The Hacker News
How XDR Helps Protect Critical Infrastructure
December 7^th 2022 at 13:39

How XDR Helps Protect Critical Infrastructure

By: The Hacker News

Critical infrastructure is important for societal existence, growth, and development. Societies are reliant on the services provided by critical infrastructure sectors like telecommunication, energy, healthcare, transportation, and information technology. Safety and security are necessary for the optimal operation of these critical infrastructures. Critical infrastructure is made up of digital

The Hacker News
Threat hunting with MITRE ATT&CK and Wazuh
November 18^th 2022 at 12:07

Threat hunting with MITRE ATT&CK and Wazuh

By: The Hacker News

Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay dormant in an organization's infrastructure, extending their access while waiting for the right

The Hacker News
Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks
October 28^th 2022 at 10:43

Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks

By: The Hacker News

The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth is a strategy in which companies use multiple layers of security measures to safeguard assets. A

🏷️ My labels
- ❌
Article tags
October 28^th 2022 at 10:43

The Hacker News
Improve your security posture with Wazuh, a free and open source XDR
September 28^th 2022 at 12:15

Improve your security posture with Wazuh, a free and open source XDR

By: The Hacker News

Organizations struggle to find ways to keep a good security posture. This is because it is difficult to create secure system policies and find the right tools that help achieve a good posture. In many cases, organizations work with tools that do not integrate with each other and are expensive to purchase and maintain. Security posture management is a term used to describe the process of