Rules of Engagement for range: NEOTEK Rules Of Engagement (ROE) are typical for Red Team/Vulnerability assessment, and in this case each range has its own ROE outline. The point is to prevent out-of-scope rabbit holes, reduce resource footprint and mitigate any techniques that would take down necessary lab resources. • Out of Scope IP's: ◦ 10.45.1.0 - 10.45.1.15 - These IP's are for lab functionality and are completely out of scope. ◦ Any IP outside of 10.45.0.0/16 Network, including other users on the range. • Do not change the IP on any machine. • No Denial of Service of any kind. Flooding a system with TCP SYN packets, BSOD'ing a windows box or anything similar is unnecessary. • No use of Malware, Ransomware or Cryptomining. • Brute-Forcing/Cracking is needed to an extent. A few notes: Online/Remote Brute Forcing • The maximum password list used is: passwords_john.txt - this list is also very commonly used. • Like any network, be cautious of brute force speeds (network latency, system resources, etc) • HINT: SSH lockout is enabled on various machines throughout the network. Brute Forcing must be targeted. Offline Cracking • Obtaining useful hashes is also an attack vector within this network. • The largest password list needed is: rockyou.txt • Hashcat is recommended. Tools and OS • Default applications which are installed on Kali Linux can be used for the bulk of the range.