
A web-based educational platform that simulates cyberattacks in cloud environments, offering insights into attack strategies and defenses. It features a user-friendly interface for one-click attack initiation, enabling comprehensive exploration, simulation, and analysis of cyber threats

vectra-ai-research/zerotoimpact


ZeroToImpact

The ZeroToImpact Project: Simulate, understand, and mitigate cybersecurity threats from inception to impact.

[image: zti]

An interactive, web-based educational platform meticulously crafted to emulate cyberattacks across cloud environments, providing a comprehensive understanding of attack methodologies and defense strategies. Featuring a seamless one-click attack initiation, our dedicated application delivers a user-friendly, hands-on learning experience tailored to attack emulation, empowering users to explore, simulate, and analyze cyber threats from inception to resolution.

Setup Instructions

1. Install Node.js, Python, and AWS CLI: If not already installed, download and install Node.js, Python, and the AWS CLI.

2. Navigate to the application directory:

cd .\zerotoimpact\

3. Create a Python Virtual Environment:

python3 -m venv .venv

4. Activate the Virtual Environment:

Windows

.venv/Scripts/activate

Linux

source .venv/bin/activate

5. Install Dependencies:

npm install

6. Set Environment Variables:

AWS Profile Permissions: The AWS profile requires the AdministratorAccess permission to deploy the vulnerable infrastructure. This profile is not used to execute the attacks.

AWS Region Support: This application currently supports only the us-east-1 AWS region. Ensure that your AWS environment is configured to use us-east-1 by setting the AWS_DEFAULT_REGION environment variable accordingly. Attempting to use the application in any other region may result in errors during resource creation or operations.

Windows

$env:AWS_DEFAULT_PROFILE="your_aws_profile_to_use"
$env:AWS_DEFAULT_REGION="us-east-1"

Linux

export AWS_DEFAULT_PROFILE="your_aws_profile_to_use"
export AWS_DEFAULT_REGION="us-east-1"

7. Run the Development Server:

npm run dev

8. Access the Application: Open http://localhost:3000 in your browser to access the application.

Note: The Flask server will be running on http://127.0.0.1:5328. Feel free to change the port in 'package.json' (you'll also need to update it in 'next.config.js').

Usage

  • Explore Attack Scenarios: Use the interactive interface to explore different attack scenarios categorized by MITRE ATT&CK tactics.

  • Analyze Attack Paths: Analyze the progression of attacks from initial compromise to lateral movement and exfiltration.

  • Mitigate Attacks: Implement mitigation strategies based on the insights gained from analyzing attack paths.

Troubleshooting

If an error occurs, the application's Activity Log section will notify you and may suggest destroying the resources created during the attack. Removing these resources is crucial, both to avoid unnecessary charges and because they must be destroyed before the attack can be rerun with the same username.

Important: Before destroying resources, navigate to the application directory and retrieve the logs from the current application run. Destroying resources through the application also wipes out these logs.

Logs can be found in the api/{attack_emulation}/instances directory as a JSON file.

For example, logs generated during the 'IAM Policy Rollback to S3 Ransomware via KMS key' attack emulation are located in the api/policy_ransom_exploit/instances directory.
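A small helper for preserving those logs before the destroy step, as an added example that is not part of the ZeroToImpact project; it assumes the api/{attack_emulation}/instances layout described above, and the backup directory name is my own choice:

```shell
#!/usr/bin/env sh
# Added example (not ZeroToImpact project code): copy every per-run JSON log
# under api/<attack_emulation>/instances/ into a timestamped backup directory
# before the resources, and the logs with them, are destroyed.
# Assumes the README's directory layout; the "log-backups" name is an assumption.

# zti_backup_logs <app_dir> [<backup_root>]
# Prints the backup directory it created; returns 1 if no logs were found.
zti_backup_logs() {
    app_dir="$1"
    backup_root="${2:-$1/log-backups}"
    stamp="$(date -u +%Y%m%dT%H%M%SZ)"
    dest="$backup_root/$stamp"
    found=0
    for inst_dir in "$app_dir"/api/*/instances; do
        [ -d "$inst_dir" ] || continue
        # Keep the emulation name (e.g. policy_ransom_exploit) as a subfolder
        emulation="$(basename "$(dirname "$inst_dir")")"
        for log in "$inst_dir"/*.json; do
            [ -f "$log" ] || continue
            mkdir -p "$dest/$emulation"
            cp -p "$log" "$dest/$emulation/"
            found=$((found + 1))
        done
    done
    if [ "$found" -eq 0 ]; then
        echo "no instance logs found under $app_dir/api/*/instances" >&2
        return 1
    fi
    echo "$dest"
}

# zti_count_backup <backup_dir>: number of JSON logs preserved in a backup.
zti_count_backup() {
    find "$1" -type f -name '*.json' | wc -l | tr -d ' '
}

# Usage from the application directory: zti_backup_logs "$PWD"
```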

Acknowledgments

Maintainer: @alexgroyz

Contact

If you found this tool useful, want to share an interesting use case, or want to bring issues to attention, whatever the reason, get in touch. You can email agroyz@vectra.ai.
