2) Add a System Target

This component is the target of the events executed. You will assign those targets during the campaign creation process.

During an attack simulation, the Attack Vector establishes connections with each System Target to execute events. Commands, programs, or tools are launched on the System Target to accurately replicate the attackers' behaviors. For more details, visit  this link .
A Target System can be a physical or virtual server or workstation running a Windows, Linux, or macOS operating system.
Best Practices: For the best results, System Targets must be representative of the defenses in place, based on what is commonly used (EDR, antivirus, SIEM integration, etc.).


1️⃣ Create a System Target


    From the Resources > System target page, click the Create a system target button in the top right corner.

    Provide the essential information for your System Target by giving:
  • Name for identification in the BlackNoise application
  • The IP address
  • The OS type

    You can then select from various authentication methods based on the chosen OS type. This authentication information is essential for the Attack Vector to connect to the System Target and execute the simulation events. Therefore, you must provide the required credentials to enable this connection.
OS System Target
Protocol to connect to the target
Requirements
Windows
WMI
Local or domain account
With Admin privileges on the target for WMI connection
Linux
macOS
SSH
Local account
With login & password or key

The necessary ports must be open between the Attack Vector and the Target to allow the connection to be established:
- For the WMI connection to succeed, the target must permit incoming network traffic on TCP ports 135, 445, and additional dynamically-assigned port in the range of 49152 to 65535 by default. If the powershell script provided by BlackNoise (blacknoise_enable_wmi) is used to enable WMI, this dynamically-assigned port will be in the range of 60000 to 61000.
- For the SSH connection to succeed, the target must permit incoming network traffic on TCP ports 22.


2️⃣ Test the connection to your Target


We strongly encourage you to test the connection between an Attack Vector and the created System Target before launching a simulation to ensure that all prerequisites are met:
  • Flows are open
  • Credentials are correct

    You can launch the test during the Target creation process (using the selector provided for this purpose - see screenshot above) or at any time by selecting Connection testing in the System Target details screen.

    You receive a SUCCESS message when the connection test is validated. The System Target is now fully prepared for use in an attack campaign.


For information regarding the connection between Attack Vector and System Target, kindly consult our FAQ


How does the Attack Vector connect to the Target Systems to execute the events?

Need help to enable and test WMI access to your Windows System Target?

Some scenarios require specific accounts and privileges, these prerequisites are specified in the description of the scenarios.