2) Add a System Target

This component is the target of the events executed. You will assign those targets during the campaign creation process.

During an attack simulation, the Attack Vector establishes connections with each System Target to execute events. Commands, programs, or tools are launched on the System Target to accurately replicate the attackers' behaviors. For more details, visit this link.
A Target System can be a physical or virtual server or workstation running a Windows, Linux, or macOS operating system.
Best Practices: For the best results, System Targets must be representative of the defenses in place, based on what is commonly used (EDR, antivirus, SIEM integration, etc.).


1️⃣ Create a System Target


From the Resources > System target page, click the Create a system target button in the top right corner.

Provide the essential information for your System Target:
  • Name for identification in the BlackNoise application
  • The IP address
  • The OS type

You can then select from various authentication methods based on the chosen OS type. This authentication information is essential for the Attack Vector to connect to the System Target and execute the simulation events. Therefore, you must provide the required credentials to enable this connection.

| OS System Target | Protocol to connect to the target | Requirements |
| --- | --- | --- |
| Windows | WMI | Local or domain account with Admin privileges on the target for WMI connection |
| Linux, macOS | SSH | Local account with login & password or key |


2️⃣ Test the connection to your Target


We strongly encourage you to test the connection between an Attack Vector and the created System Target before launching a simulation to ensure that all prerequisites are met:
  • Flows are open
  • Credentials are correct

You can launch the test during the Target creation process (using the selector provided for this purpose - see screenshot above) or at any time by selecting Connection testing in the System Target details screen.

You receive a SUCCESS message when the connection test is validated. The System Target is now fully prepared for use in an attack campaign.
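
A pre-flight check for the "Flows are open" prerequisite, to run from the Attack Vector host before the built-in connection test. This is an added example, not BlackNoise code: `check_flow`, `FlowResult` and the inventory rows are hypothetical, and the port numbers (135 for the RPC endpoint mapper that WMI/DCOM starts from, 22 for SSH) are protocol defaults assumed here, not values from this page.

```python
import socket
from dataclasses import dataclass

# Protocol per OS type, as in the table on this page. Ports are the protocol
# defaults (assumption; the page lists none and your deployment may differ).
PROTOCOLS = {
    "windows": ("WMI", 135),  # RPC endpoint mapper; DCOM then moves to dynamic ports
    "linux": ("SSH", 22),
    "macos": ("SSH", 22),
}

@dataclass
class FlowResult:
    target: str
    protocol: str
    port: int
    state: str        # "open", "refused", "filtered" or "unreachable"
    detail: str = ""

def check_flow(name, ip, os_type, port=None, timeout=3.0):
    """Check the TCP flow from this host to one System Target."""
    protocol, default_port = PROTOCOLS[os_type.lower()]
    port = port or default_port
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            detail = ""
            if protocol == "SSH":
                # An SSH server sends its identification string first (RFC 4253).
                try:
                    banner = sock.recv(255).decode("ascii", "replace").strip()
                except socket.timeout:
                    banner = ""
                detail = banner if banner.startswith("SSH-") else "listener is not SSH"
            return FlowResult(name, protocol, port, "open", detail)
    except ConnectionRefusedError:
        # The host answered with a reset: reachable, but nothing listens on the port.
        return FlowResult(name, protocol, port, "refused", "service not listening")
    except socket.timeout:
        # No answer at all: typically a firewall silently dropping the flow.
        return FlowResult(name, protocol, port, "filtered", "no reply before timeout")
    except OSError as exc:
        return FlowResult(name, protocol, port, "unreachable", str(exc))

if __name__ == "__main__":
    # Constructed inventory; 192.0.2.0/24 is a documentation-only range.
    for row in [("srv-win-01", "192.0.2.10", "Windows"), ("srv-lnx-01", "192.0.2.20", "Linux")]:
        print(check_flow(*row, timeout=1.0))
```

A `refused` result means the host is reachable but the service is not listening, while `filtered` usually points at a firewall rule between the Attack Vector and the System Target. Credentials, and the dynamic RPC ports WMI uses after port 135, are only verified by the BlackNoise connection test itself.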

The Attack Vector connects to each System Target using the login details from this screen to carry out the BlackNoise events. Commands, programs, or tools are run on the System Target to mimic the attackers' actions. Various protocols can be used for this:
- WMI for Windows
- SSH for Linux and macOS

For information regarding the connection between Attack Vector and System Target, kindly consult our FAQ:
- How does the Attack Vector connect to the Target Systems to execute the events?
- Need help to enable and test WMI access to your Windows System Target?

Some scenarios require specific accounts and privileges; these prerequisites are specified in the description of the scenarios.