Rules of Engagement for range: ROADHOUSE Rules Of Engagement (ROE) are typical for Red Team/Vulnerability assessment, and in this case each range has its own ROE outline. The point is to prevent out-of-scope rabbit holes, reduce resource footprint and mitigate any techniques that would take down necessary lab resources. • Out of Scope IP's: ◦ 10.25.1.0 - 10.25.1.14 - These IP's are for lab functionality and are completely out of scope. ◦ Any IP outside of 10.25.0.0/16 Network, including other users on the range. • Do not change the IP on any machine. • No Exploits against Domain Controllers. Running exploits against a DC is unnecessary. The point is to avoid running arbitrary PoC's that actually exploit a service, process, etc on a Domain Controller. Taking down a DC on a real assessment is (most likely) bad, same goes for here. Although "Feature Abuse" may be used for enumeration or similar activities, which may be necessary on the latter half of the range. • No Man-in-the-Middle (MitM) or similar Spoofing attacks. ◦ Tools such as Responder, Inveigh, etc are not allowed. • No Denial of Service of any kind. Flooding a system with TCP SYN packets, BSOD'ing a windows box or anything similar is unnecessary. • No use of Malware, Ransomware or Cryptomining. • Brute-Forcing/Cracking is needed to an extent. A few notes: Online/Remote Brute Forcing • The maximum password list used is: passwords_john.txt - HINT: This maximum list is not used on SSH. • Like any network, be cautious of brute force speeds (network latency, system resources, etc) • Typically fasttrack.txt can be used • HINT: SSH lockout is enabled on various machines throughout the network. Brute Forcing must be targeted. Offline Cracking • Obtaining useful hashes is also an attack vector within this network. • The largest password list needed is: rockyou.txt • Hashcat is recommended. Tools and OS • Default applications which are installed on Kali Linux can be used for the bulk of the range. • A few other publicly available tools may be necessary. There will be hints on what they are. • Not required, but an outfitted Windows Attacking VM may be useful near the latter half of the range.