A Caldera for OT plugin supplying Caldera with DNP3 protocol TTPs. This is part of a series of plugins that provide added threat emulation capability for Operational Technology (OT) environments.
Full DNP3 plugin documentation can be viewed as part of the fieldmanual plugin once the Caldera server is running.
To run Caldera along with the DNP3 plugin:
- Download Caldera as detailed in the Installation Guide
- Install the dnp3 plugin in Caldera's plugin directory: `caldera/plugins`
- Enable the dnp3 plugin by adding `- dnp3` to the list of enabled plugins in `conf/local.yml` or `conf/default.yml` (if running Caldera in insecure mode)
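
One way to script the enable step so that re-running a lab setup never duplicates the entry (an added example, not part of the plugin's own documentation). It assumes the block-style layout of Caldera's stock config, a top-level `plugins:` key followed by one `- name` item per line; the function name `enable_plugin` is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: idempotently enable a plugin in a Caldera config file.
# Assumed layout (as in Caldera's stock conf/default.yml):
#   plugins:
#   - access
#   - fieldmanual
# Usage: enable_plugin conf/local.yml dnp3

enable_plugin() {
    conf=$1
    plugin=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    grep -Eq '^plugins:[[:space:]]*$' "$conf" ||
        { echo "no block-style plugins: list in $conf" >&2; return 3; }

    # Already listed? Only items that belong to the plugins: list are checked.
    if awk -v p="$plugin" '
        /^plugins:[ \t]*$/ { inlist = 1; next }
        inlist && /^[ \t]*-[ \t]/ {
            sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]+$/, "")
            if ($0 == p) found = 1
            next
        }
        inlist && /^[^ \t#]/ { inlist = 0 }   # next top-level key ends the list
        END { exit (found ? 0 : 1) }' "$conf"
    then
        return 0
    fi

    # Insert the new item first in the list, copying the indentation of the
    # existing first item so the YAML stays consistent.
    tmp=$(mktemp) || return 4
    awk -v p="$plugin" '
        pending {
            indent = ""
            if (match($0, /^[ \t]*-[ \t]/)) { indent = $0; sub(/-.*/, "", indent) }
            print indent "- " p
            pending = 0
        }
        { print }
        /^plugins:[ \t]*$/ { pending = 1 }
        END { if (pending) print "- " p }' "$conf" > "$tmp" &&
        cat "$tmp" > "$conf" &&   # overwrite in place to keep owner and mode
        rm -f "$tmp"
}
```

Restart the Caldera server after changing the file so the new plugin list is loaded.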
This plugin is compatible with Caldera v4.2.0 and v5.0.0. The latest version of Caldera can be checked out using the following method:
git clone --recursive https://github.com/mitre/caldera.git
Building of the DNP3 plugin payloads has been tested on Windows 10 64-bit using VSCode as described here. See the corresponding plugin payload source code for further build information.
Testing of the binaries has occurred on:
- Microsoft Windows 10 v21H2
- Import the plugin, and optionally set up the required facts (e.g., using the fact sources provided).
- Start an operation, optionally using the fact source you set up.
- Use "Add Potential Link" to run a specific ability from this plugin. You can enter the fact values manually, or use the ones from your fact source.
Sources contains a small example fact set and the fieldmanual documentation contains a reference section on DNP3 sources.