Remember the tool we presented at BSides Cyprus last year? It is now moving to BlackHat USA 2020 with new features and updates! As a reminder, Overlord is a tool that lets the user automate the deployment of Red Teaming infrastructure (C2s, redirectors, mail servers, etc.) on the cloud. It provides a Python-based console CLI that abstracts the user from the Terraform implementation. Briefly, it is a Terraform "code generator": it takes a JSON file generated by the user and produces a Terraform file to be executed. It uses the RedBaron implementation as a resource, but additional modules and configurations were added to make the overall experience easier for anyone to follow.

The new version (1.0) includes:

  • Ansible module: This module gives the user the flexibility to create their own YAML playbooks and load them into Overlord on any server they want.
  • User management (via Ansible playbook): We have created an Ansible playbook as a template for user creation on the infrastructure. The playbook creates 2 users, uploads their SSH public keys from the local machine and enables logging for every user. This helps the consultants go back and investigate something in case the client asks for it.
  • Redirect to internal C2 server (via autossh) – HTTP, DNS support. The redirector module now has the ability to redirect HTTPS and DNS traffic to the loopback interface. This allows us to tunnel the traffic to an internal IP which is not accessible from the internet. When the redirector is created, Overlord outputs the required commands to the terminal window. This way your actual C2 can sit in your internal network in case you (or your clients) prefer not to host it on the cloud.
  • Upgrade to Terraform 0.12: The previous version used Terraform 0.11, which is now outdated. We have upgraded all the RedBaron modules to Terraform 0.12 and updated Overlord's install.sh to download the new Terraform version as well.
  • New Linux distribution support: in the new version, the following distros are supported:
    • AWS: Kali, Ubuntu, Debian
    • DigitalOcean: Ubuntu, Debian
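To make the user-management bullet concrete, here is an added example of a playbook in the spirit of the template described above. It is not Overlord's own playbook; the user names, the local public-key paths, the sudo group membership and the auditd-based approach to per-user logging are all assumptions made for this illustration. It creates two accounts, installs each consultant's public key from the control machine, and records every command each of them executes, keyed by their login UID so the audit trail survives sudo.

```yaml
# Added example, not Overlord's own playbook. Assumed: two consultant accounts,
# public keys located on the control machine, and auditd as the logging mechanism.
- name: Create consultant accounts and enable per-user command logging
  hosts: all
  become: true
  vars:
    consultants:
      - name: consultant1                 # assumed user name
        pubkey: "~/.ssh/consultant1.pub"  # assumed local path on the control machine
      - name: consultant2
        pubkey: "~/.ssh/consultant2.pub"

  tasks:
    - name: Ensure the audit daemon is installed
      ansible.builtin.package:
        name: auditd
        state: present

    - name: Create each consultant account (bash shell, sudo group)
      ansible.builtin.user:
        name: "{{ item.name }}"
        shell: /bin/bash
        groups: sudo
        append: true
        state: present
      loop: "{{ consultants }}"
      register: created_users   # the user module returns the uid we need below

    - name: Upload each consultant's SSH public key from the local machine
      ansible.posix.authorized_key:
        user: "{{ item.name }}"
        key: "{{ lookup('file', item.pubkey) }}"
        state: present
      loop: "{{ consultants }}"

    - name: Log every execve() by each consultant, keyed by login UID
      ansible.builtin.lineinfile:
        path: /etc/audit/rules.d/consultants.rules
        create: true
        mode: "0640"
        line: "-a always,exit -F arch=b64 -S execve -F auid={{ item.uid }} -k consultant_{{ item.name }}"
      loop: "{{ created_users.results }}"
      loop_control:
        label: "{{ item.name }}"
      notify: Reload audit rules

  handlers:
    - name: Reload audit rules
      ansible.builtin.command: augenrules --load
```

The audit key `consultant_<name>` lets whoever investigates later pull one person's activity with `ausearch -k consultant_consultant1`; filtering on `auid` rather than `uid` is what keeps the record attributable after a `sudo -i`.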

At BlackHat USA we will perform a demo of the following infrastructure:

Join us on Wednesday, August 5 at 12:00pm-1:00pm (Pacific time) to watch the demo and have a chat!

For more detailed information about Overlord you can visit the GitHub wiki page: https://github.com/qsecure-labs/overlord/wiki

We really hope that you will find our tool useful on your engagements!