[TURLA]: Missing/Inaccurate steps for configuring Linux Attack Platform (modin) in Azure

[rtkcgrantcharov]

Several issues have been uncovered in several of the steps outlined in: Setup-RedTeam.md

1. Run files/support/kali/kali-prereqs.sh

• Based on the terraform definition:

  adversary_emulation_library/turla/Resources/setup/terraform/evals-ranges/support.tf

  Lines 130 to 143 in 4a57b3d

  	module "red-kali1" {
  	source = "../modules/linuxsrv-latest-static"
  	name = "${var.name-prefix}-kali-dev1"
  	location = var.location
  	admin_username = var.dev_linux_username
  	admin_password = var.dev_linux_password
  	group_name = module.rgroup.name
  	subnet_id = azurerm_subnet.red.id
  	description = "Kali Attack Platform VM"
  	environment = local.default_tags.environment
  	static_ip_list = var.red_kali_platform_ip_list
  	ssh_private_key_path = var.ssh_private_key_path
  	ssh_public_key_path = var.ssh_public_key_path
  	default_dns_servers = module.support-dns-srv1.ips

  , this is based off a Ubuntu 20.04 base VM.
• As a result, the packages kali-desktop-xfce and default-mysql-server cause package issues when attempting to install; see:

  adversary_emulation_library/turla/Resources/setup/files/support/kali/kali-prereqs.sh

  Lines 33 to 36 in 4a57b3d

  	apt install -y kali-desktop-xfce xorg xrdp augeas-{tools,lenses} git etckeeper
  	apt install -y postfix ripmime mailutils procmail swaks
  	apt install -y php php-mysql ruby default-mysql-server mariadb-client-10.6 mariadb-server-10.6 apache2

• Additionally MySQL and MariaDB conflict with each other; I don't think can have both of them installed side-by-side
• Ubuntu 20.04 only has packages: mariadb-server-10.3 and mariadb-client-10.3, the 10.6 versions do not exist

2. Run files/support/kali/kali-update.sh

• introduces references to users that have not been provisioned by previous steps; see:

  adversary_emulation_library/turla/Resources/setup/files/support/kali/kali-update.sh

  Line 25 in 4a57b3d

  dev_user="dev"

• introduces references to files/locations that have not been pre-populated in prior steps; see:

  adversary_emulation_library/turla/Resources/setup/files/support/kali/kali-update.sh

  Lines 27 to 28 in 4a57b3d

  	http_src_file="${day1_dir}/Resources/SimpleDropper/SimpleDropper/bin/SimpleDropper_http.exe"
  	https_src_file="${day1_dir}/Resources/SimpleDropper/SimpleDropper/bin/SimpleDropper_https.exe"

• there are no instructions to compile the binaries or pre-compiled binaries provided called SimpleDropper_http.exe and SimpleDropper_https.exe

[rtkcgrantcharov]

After some more digging around, it appears that SimpleDropper_http.exe and SimpleDropper_https.exe might in fact be EPICDropper_http.exe and EPICDropper_https.exe in the binaries.zip. This inconsistency should be fixed.