1) Deploy an Attack Vector

This component runs the events. It is deployed on your network to execute offensive actions (events) according to the chosen scenario and based on the configured campaign technical settings.

You need at least one operational Attack Vector to execute a simulation. Follow these steps to set one up.


A) Prepare the Attack Vector installation

You need a computer with Docker to run a BlackNoise Attack Vector. This computer will be the host.

Computer specs

CPU: x86_64 or ARM architecture
RAM: 2 GB
Storage: 16 GB


Software specs

Linux OS (such as Debian, Ubuntu, Red Hat, or Fedora, on a physical machine or in a virtual machine such as VirtualBox)
Docker (Docker Engine v27.0.0 or later)

Follow these steps to set up your environment:
    Prepare a native Linux OS or install it within a virtual machine. This will enable you to effectively deploy an Attack Vector on a Windows computer, for example.
    Install Docker Engine. Refer to the Docker Installation Guide for assistance.

The Attack Vector will use the IP address of the host OS on which it is installed. You can therefore freely choose a configuration via DHCP or static address according to your needs for the host.
If the host OS has several network interfaces, make sure the default route is set on only one of them. Otherwise, the BlackNoise Attack Vector will not work.

Information: How to prepare a Linux virtual machine to install the Attack Vector
    Download a Linux OS install image, for example Ubuntu, either Desktop or Server ( https://ubuntu.com/download )
    Create a virtual machine with this OS
    Install Docker using the apt repository ( https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository ). If you don't have Internet access for such installation, switch the VM network configuration to NAT mode.


Network flows

Open the following flows to allow connection between the Attack Vector and the BlackNoise app:
  • Protocol: HTTPS (TCP/443)
  • Domains: in.blacknoise.co, *.in.blacknoise.co, and registry.blacknoise.co
  • Direction: outgoing flows
Important: No protocol interruption. For the secure connection between the Attack Vector and the BlackNoise platform to be successfully established, the open flow must remain intact without any protocol break. In particular, intermediate devices must not decrypt TLS traffic from HTTPS connections, as this would prevent the secure end-to-end communication required for proper operation.

Once the host is ready, you can go to step B).
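
A pre-flight check for the host requirements listed above (Docker Engine version, a single default route, outbound TCP/443 to the BlackNoise domains), as an added example that is not BlackNoise's own tooling. The script name preflight.sh, the function names and the --run switch are assumptions, and it assumes direct egress without an HTTP proxy.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for an Attack Vector host (not BlackNoise code).

# version_ge A B: succeed when dotted version A >= B (relies on GNU sort -V).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# default_route_ifaces: read `ip route` text on stdin and print each
# distinct interface that carries a default route.
default_route_ifaces() {
  awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1) }' | sort -u
}

# https_reachable HOST: succeed when a TCP connection to HOST:443 opens within 5 s.
https_reachable() {
  timeout 5 bash -c "exec 3<>/dev/tcp/$1/443" 2>/dev/null
}

preflight() {
  local rc=0 ver n host
  ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null)
  if version_ge "${ver:-0}" "27.0.0"; then echo "OK   Docker Engine $ver"
  else echo "FAIL Docker Engine '${ver:-not found}' (need 27.0.0 or later)"; rc=1; fi

  n=$(ip route show default | default_route_ifaces | wc -l)
  if [ "$n" -eq 1 ]; then echo "OK   one interface has the default route"
  else echo "FAIL $n interfaces have a default route (need exactly 1)"; rc=1; fi

  for host in in.blacknoise.co registry.blacknoise.co; do
    if https_reachable "$host"; then echo "OK   TCP/443 to $host"
    else echo "FAIL TCP/443 to $host"; rc=1; fi
  done
  return "$rc"
}

# Run the checks only when invoked as: ./preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A successful TCP connection does not show that TLS passes through uninspected, so the "no protocol interruption" requirement still has to be confirmed on the intermediate devices.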


B) Install the Attack Vector

    From the Resources > Attack Vectors page, click the Create attack vector button in the top right.
    Provide a name (alias) for this Attack Vector
    Copy the docker command from the screen and paste it into the terminal of the previously deployed computer (the host) to execute it. You can also provide an HTTP PROXY to be used for this connection from the Attack Vector to the web app. Please refer to the FAQ to add this option within the following command ( https://doc.blacknoise.co/p/ps6ZTNIhewUzS9/Untitled#5yRgILGUh2OIg1 ).
    The Attack Vector shows up in the web app list. The container image is downloaded and started. Once the authentication between the Docker container and the BlackNoise web app is done, the Attack Vector is ready to use (i.e. operational). This is shown by a green dot. It can now be used in an attack campaign.

Information: The deployment of the virtual Attack Vector (Docker) is not working on Linux
If you have an error message such as:
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
Your user does not have the rights to execute some Docker commands. Add your user to the docker group:
sudo usermod -aG docker your-username

Please refer to our FAQ for technical details to ensure communication between the Attack Vector and Target Systems.