Rules of Engagement for range: TheSprawl

Rules Of Engagement (ROE) are typical for Red Team/Vulnerability assessment, and in this case each range has
its own ROE outline. The point is to prevent out-of-scope rabbit holes, reduce resource footprint and mitigate
any techniques that would take down necessary lab resources.

• Out of Scope IP's:
	◦ 10.35.1.0 - 10.35.1.14 - These IP's are for lab functionality and are completely out of scope.
	◦ Any IP outside of 10.35.0.0/16 Network, including other users on the range.

• Do not change the IP on any machine.

• No Man-in-the-Middle (MitM) or similar Spoofing attacks.
	◦ Tools such as Responder, Inveigh, etc are not allowed.

• No Denial of Service of any kind. Flooding a system with TCP SYN packets, BSOD'ing a windows box
or anything similar is unnecessary.

• No use of Malware, Ransomware or Cryptomining.

• Brute-Forcing/Cracking is needed to an extent. A few notes:

Online/Remote Brute Forcing
• Only used in a few instances.
• The maximum password list used: passwords_john.txt.
• Like any network, be cautious of brute force speeds (network latency, system resources, etc).
• Typically fasttrack.txt can be used.
• SSH and Windows lockout is enabled on majority of systems.

Offline Cracking
• Obtaining useful hashes is a common attack vector within this network.
• Password lists needed: fasttrack.txt, passwords_john.txt and rockyou.txt
• Hashcat is recommended.

Tools and OS
• Default applications which are installed on Kali Linux can be used for the bulk of the range.
• Exploiting Kerberos is needed on multiple VM's. Rubeus, Impacket or similar tools should be used.
• A few other publicly available tools may be necessary. There will be hints on what they are.
• Not required, but an outfitted Windows Attacking VM may be useful near the latter half of the range.