Armitage – Host Labels for Better Team Pen Testing

One of the things I offer is the Advanced Threat Tactics with Cobalt Strike course. The best part of this course is the end exercise. I split students up into teams, give them goals, and watch them apply what they learned to get a foothold in a network, spread from that point, and sift through data. This class is a great source of feedback for me.

Last time I taught, several students asked for the ability to label hosts. They simply wanted to say “this is a mail server”, “this is a domain controller”, etc. in a way that all their teammates could digest.

I’ve had similar suggestions in the past, but having a dialog allowed me to turn the suggestion into something actionable pretty quickly.

Today’s Armitage update adds host labels. A host label is a small user-defined note attached to a host. Right-click a host, go to Host -> Set Label to set it. All team members will see the same labels and anyone can update a host’s label.

The graph view displays the label underneath the host. The table view has a column for labels now.

You can filter your host display by labels too. Armitage has had the concept of dynamic workspaces since November 2011. Dynamic workspaces are filters, defined by you, based on network, operating system, open services, etc.. You can switch workspaces through a menu or go Starcraft style and use Ctrl+1 … Ctrl+n to activate your workspaces.

Labels are now a dynamic workspace criteria too. Each word in a label is a searchable tag that you may use in your workspace definitions.

This open-ended feature gives you a way to assign actions, group hosts, and share small notes during a team penetration test. It’s a nice addition to Armitage’s existing real-time event log, data sharing, and session sharing features for teams.

Get the latest Armitage at http://www.fastandeasyhacking.com/ or use msfupdate to grab it.