The Ocean Lotus lab is an Azure deployable template designed to support the Ocean Lotus scenario available in the Center for Threat Informed Defense adversary emulation library.
Deployment Details
The following table details the Virtual Machines that are deployed in this lab.
VM Name | Operating System | IP Address | Scheduled Shutdown |
---|---|---|---|
vhagar | Server 2019 | 10.90.30.20 | 7PM ET |
drogon | Ubuntu 22.04 | 10.90.30.7 | 7PM ET |
kali | Kali Linux | 10.90.30.26 | 7PM ET |
Instructions
- Generate a root and child certificate for the Gateway VPN. This should support both Mac and Windows VPNs.
- Open the Azure Portal in a separate tab in your browser
- Use the Deploy to Azure button below to deploy the lab to your Azure Environment
- Required: Specify the Resource Group where the lab will be deployed
- Required: Specify the password for the admin account
- Required: Provide the root certificate’s public key data
- Recommended: Select the region where the lab should be deployed if using a new resource group
- Recommended: Update the Admin User Name to your desired name
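
One way to carry out the certificate step with OpenSSL, as an added example that is not part of the lab's own tooling. The file names, subject CNs and the `P12_PASS` variable are assumptions, and it assumes the template's "public key data" field takes the Base64 body of the root certificate without the PEM header and footer lines.

```shell
#!/bin/sh
# Added example: root and child certificates for the lab's Point-to-Site VPN.
# File names and subject CNs are assumptions, not values from the lab template.
set -eu
umask 077   # private keys and the .p12 bundle are created owner-only

make_root_ca() {        # $1 = output directory
  openssl genrsa -out "$1/rootKey.pem" 2048 2>/dev/null
  openssl req -x509 -new -sha256 -days 365 -key "$1/rootKey.pem" \
    -subj "/CN=OceanLotusLabRoot" -out "$1/rootCert.pem"
}

make_child_cert() {     # $1 = directory, $2 = client name
  openssl genrsa -out "$1/${2}Key.pem" 2048 2>/dev/null
  openssl req -new -key "$1/${2}Key.pem" -subj "/CN=$2" -out "$1/${2}Req.pem"
  # The child is a client-authentication certificate signed by the root.
  printf 'extendedKeyUsage=clientAuth\nsubjectAltName=DNS:%s\n' "$2" > "$1/${2}.ext"
  openssl x509 -req -sha256 -days 365 -in "$1/${2}Req.pem" \
    -CA "$1/rootCert.pem" -CAkey "$1/rootKey.pem" -CAcreateserial \
    -extfile "$1/${2}.ext" -out "$1/${2}Cert.pem" 2>/dev/null
}

# Value to paste into the deployment form: Base64 of the DER-encoded root
# certificate on a single line. Only the certificate is shared, never rootKey.pem.
root_cert_data() {      # $1 = directory
  openssl x509 -in "$1/rootCert.pem" -outform der | openssl base64 -A
}

# Bundle the child certificate with its private key for import on the client.
# The password is read from P12_PASS so it does not show up in the process list.
export_p12() {          # $1 = directory, $2 = client name
  openssl pkcs12 -export -inkey "$1/${2}Key.pem" -in "$1/${2}Cert.pem" \
    -certfile "$1/rootCert.pem" -passout env:P12_PASS -out "$1/${2}.p12"
}

# Usage: P12_PASS='...' sh p2s-certs.sh <existing-output-dir> <client-name>
if [ "$#" -eq 2 ]; then
  make_root_ca "$1"
  make_child_cert "$1" "$2"
  export_p12 "$1" "$2"
  root_cert_data "$1"; echo
fi
```

If the Mac refuses to import a `.p12` written by OpenSSL 3, re-export it with the `-legacy` option added to the `pkcs12` command, since older macOS Keychain versions do not read the newer default encryption. Delete or lock away `rootKey.pem` once the child certificates are issued, because anyone holding it can mint certificates the gateway will accept.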
Post Deployment Setup
Configure Point-to-Site VPN
- Export the Child Certificate, created in Step 1 of Deployment Instructions, with its private key and install it on your Mac device.
- In the Azure Portal, go to the Resource Group where the lab was created, then find the Virtual Network Gateway resource that was created and click on it
- Go to the Point-to-Site Configuration
- Click the Download VPN client button
- Install the appropriate VPN client for your OS
- Connect to the Point-to-Site VPN
Scenario Execution
Once the environment is ready, you can continue with the Ocean Lotus setup of the C2 server, as well as staging the attack components on the test Mac device.