h1

Armitage – Host Labels for Better Team Pen Testing

January 23, 2013

One of the things I offer is the Advanced Threat Tactics with Cobalt Strike course. The best part of this course is the end exercise. I split students up into teams, give them goals, and watch them apply what they learned to get a foothold in a network, spread from that point, and sift through data. This class is a great source of feedback for me.

Last time I taught, several students asked for the ability to label hosts. They simply wanted to say “this is a mail server”, “this is a domain controller”, etc. in a way that all their teammates could digest.

I’ve had similar suggestions in the past, but having a dialog allowed me to turn the suggestion into something actionable pretty quickly.

Today’s Armitage update adds host labels. A host label is a small user-defined note attached to a host. Right-click a host, go to Host -> Set Label to set it. All team members will see the same labels and anyone can update a host’s label.

The graph view displays the label underneath the host. The table view has a column for labels now.

You can filter your host display by labels too. Armitage has had the concept of dynamic workspaces since November 2011. Dynamic workspaces are filters, defined by you, based on network, operating system, open services, etc.. You can switch workspaces through a menu or go Starcraft style and use Ctrl+1 … Ctrl+n to activate your workspaces.

Labels are now a dynamic workspace criteria too. Each word in a label is a searchable tag that you may use in your workspace definitions.

This open-ended feature gives you a way to assign actions, group hosts, and share small notes during a team penetration test. It’s a nice addition to Armitage’s existing real-time event log, data sharing, and session sharing features for teams.

Get the latest Armitage at http://www.fastandeasyhacking.com/ or use msfupdate to grab it.

2 comments

  1. hey raphael i as tinking if “workspace” can not be shared with team menbers
    (like they have access to my db) .. a big hug tfrom this fan (me)…


    • The data in the database is shared with your teammates. Workspaces are not. They’re meant to be a local filter on the data.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s