monkey/docs/content/usage/scenarios/custom-scenario/network-breach.md

---
title: "Network Breach"
date: 2020-08-12T13:04:55+03:00
draft: false
description: "Simulate an internal network breach and assess the potential impact."
weight: 3
---

## Overview

From the [Hex-Men campaign](https://web.archive.org/web/20210115171355/https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit
internet-facing DB servers to a [cryptomining operation that attacks WordPress sites](https://web.archive.org/web/20210115185135/https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/) or any other malicious campaign – attackers are now trying to go deeper into your network.

Infection Monkey will help you assess the impact of a future breach by attempting to propagate within your internal network using service vulnerabilities, brute-forcing and other safe exploiters.

## Configuration

- **Propagation -> Exploiters** Here you can review the exploits the Infection Monkey will be using. By default all
safe exploiters are selected.
- **Propagation -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
- **Propagation -> Network analysis -> Network** Make sure to properly configure the scope of the scan. You can select **Scan Agent's networks**
 and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached, or you can fine tune it by providing
 specific network ranges in **Scan target list**. Scanning a local network is more realistic, but providing specific
 targets will make the scanning process substantially faster.
- **(Optional) Propagation -> Network Analysis -> TCP scanner** Here you can add custom ports your organization is using.

![Exploiter selector](/images/usage/use-cases/network-breach.PNG "Exploiter selector")

## Suggested run mode

Decide which machines you want to simulate a breach on and use the “Manual” run option to start the Infection Monkey on them.
Use administrative privileges to run the Infection Monkey to simulate an attacker that was able to elevate their privileges.
You could also simulate an attack initiated from an unidentified machine connected to the network (e.g., a technician
laptop or third-party vendor machine) by running the Infection Monkey on a dedicated machine with an IP in the network you
wish to test.


## Assessing results

Check the infection map and Security report to see how far The Infection Monkey managed to propagate in your network and which
vulnerabilities it successfully exploited. If you left post-breach actions selected, you should also check the MITRE ATT&CK and
Zero Trust reports for more details.

![Map](/images/usage/use-cases/map-full-cropped.png "Map")
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
+								---
 								title: "Network Breach"
 								date: 2020-08-12T13:04:55+03:00
-												Changed draft=true to false and used chilrden shortcode instead of manually listing subpages

											
										
										
											2020-08-26 16:51:38 +08:00
+								draft: false
 								description: "Simulate an internal network breach and assess the potential impact."
-												Updated scenario docs once more, removed IDS/IPS test scenario.

											
										
										
											2020-10-23 22:46:23 +08:00
+								weight: 3
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
+								---
-												docs: Remove trailing whitespaces

											
										
										
											2021-07-28 19:21:27 +08:00
+								## Overview
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
-												Docs, Island: Replace broken links with wayback machine links

These needs to be changed when we have live ones from Akamai.

											
										
										
											2022-08-10 20:34:13 +08:00
+								From the [Hex-Men campaign](https://web.archive.org/web/20210115171355/https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit
 								internet-facing DB servers to a [cryptomining operation that attacks WordPress sites](https://web.archive.org/web/20210115185135/https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/) or any other malicious campaign – attackers are now trying to go deeper into your network.
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
-												Copyedits for usage sections (#965)

Copy edits - round 2
											
										
										
											2021-02-22 20:06:56 +08:00
+								Infection Monkey will help you assess the impact of a future breach by attempting to propagate within your internal network using service vulnerabilities, brute-forcing and other safe exploiters.
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
 								## Configuration
-												Docs: Update paths for custom-scenario

											
										
										
											2022-09-27 22:37:25 +08:00
+								- **Propagation -> Exploiters** Here you can review the exploits the Infection Monkey will be using. By default all
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
+								safe exploiters are selected.
-												Docs: Update paths for custom-scenario

											
										
										
											2022-09-27 22:37:25 +08:00
+								- **Propagation -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
 								- **Propagation -> Network analysis -> Network** Make sure to properly configure the scope of the scan. You can select **Scan Agent's networks**
-												docs: Remove trailing whitespaces

											
										
										
											2021-07-28 19:21:27 +08:00
+								 and allow Monkey to propagate until maximum **Scan depth**(hop count) is reached, or you can fine tune it by providing
 								 specific network ranges in **Scan target list**. Scanning a local network is more realistic, but providing specific
-												Copyedits for usage sections (#965)

Copy edits - round 2
											
										
										
											2021-02-22 20:06:56 +08:00
+								 targets will make the scanning process substantially faster.
-												Docs: Update paths for custom-scenario

											
										
										
											2022-09-27 22:37:25 +08:00
+								- **(Optional) Propagation -> Network Analysis -> TCP scanner** Here you can add custom ports your organization is using.
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
 								![Exploiter selector](/images/usage/use-cases/network-breach.PNG "Exploiter selector")
-												Updated scenario / use case docs

											
										
										
											2020-10-23 17:30:38 +08:00
+								## Suggested run mode
-												docs: Remove trailing whitespaces

											
										
										
											2021-07-28 19:21:27 +08:00
+								Decide which machines you want to simulate a breach on and use the “Manual” run option to start the Infection Monkey on them.
 								Use administrative privileges to run the Infection Monkey to simulate an attacker that was able to elevate their privileges.
 								You could also simulate an attack initiated from an unidentified machine connected to the network (e.g., a technician
 								laptop or third-party vendor machine) by running the Infection Monkey on a dedicated machine with an IP in the network you
-												Updated scenario docs once more, removed IDS/IPS test scenario.

											
										
										
											2020-10-23 22:46:23 +08:00
+								wish to test.
-												Updated scenario / use case docs

											
										
										
											2020-10-23 17:30:38 +08:00
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
+								## Assessing results
-												docs: Remove trailing whitespaces

											
										
										
											2021-07-28 19:21:27 +08:00
+								Check the infection map and Security report to see how far The Infection Monkey managed to propagate in your network and which
 								vulnerabilities it successfully exploited. If you left post-breach actions selected, you should also check the MITRE ATT&CK and
-												Copyedits for usage sections (#965)

Copy edits - round 2
											
										
										
											2021-02-22 20:06:56 +08:00
+								Zero Trust reports for more details.
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
 								![Map](/images/usage/use-cases/map-full-cropped.png "Map")