The Most Relevant Commands
- Invoking Maligno
The module can be invoked with “use maligno” directly from the BT3 command-line interface. You should note that the BT3 command prompt changes based on the current module in use.
Maligno module ready for use after invocation
- Module version check
The current module version can be checked with the “version” command.
Maligno version command output
- Module help overview
Maligno supports a range of general commands, which can be displayed with “help”.
List of commands supported by the module
- Module network interfaces overview
Available network interfaces can be displayed with the “show interfaces” command. This is useful for checking the IP address assigned to your computer, without leaving the BT3 console.
Listing available network interfaces
- Module option list
Module options and their current values can be listed with “show options”.
Module options and their current values
- Module option configuration
Module option values can be set with the “set” command, followed by the desired option and its new value.
Setting a new option value
- Module material list
Available malware indicator profiles can be listed with “show profiles”. If a content subscription account is already authenticated, the command will retrieve available profile information from the online library. More targeted profile listing can be achieved with “show profiles cloud”, “show profiles disk”, “show profiles free” and “show profiles premium”. Respectively, these commands present all malware indicator profiles available online, profiles found locally on your computer, profiles which can be downloaded for free, and profiles which can be downloaded with the use of content credits.
Example with a few Maligno malware indicator profiles ready for use on disk
Fragment of the online profile library
- Material search
Malware indicator profiles can be easily found with the “search” command. Searches match against the profile name or the profile description.
Search results presented by the module
- Material information
Detailed information about a given malware indicator profile can be shown with the “info” command. The expected command argument is the profile to present. Note that malware indicator profiles downloaded to your local disk will have a “.py” extension, while those online do not.
Details about a malware indicator profile found on disk
- Material download
Authenticated content subscription accounts will have access to the Blue Team Training Toolkit online library, with both free and premium training content. Premium training content has a price, which will be deducted from the user’s existing content credit balance. Premium downloads require users to have enough credit balance in order to complete the download. Free online content, on the other hand, can be downloaded without restrictions. Online resources can be downloaded with the “download” command, with the material name provided as an argument.
Successful material download
- Material download history
The training material download history associated with your subscription account can be retrieved with “show downloads”.
Material download history
- Maligno client generation
Once all required module options have been configured with valid values, it will be possible to generate a Maligno client script. Maligno clients can be generated directly from the BT3 command-line interface with the “genclient” command. The generated client script will be stored in the “clients” folder, and it will be ready for deployment.
Successful Maligno client generation
Generated clients are placed in a specific location
- Module execution
Maligno server can be started with the “run” command. All module options are validated during this process.
Maligno server is running and waiting for connections