A Caldera for OT plugin supplying MITRE Caldera™ with Profinet protocol TTPs mapped to MITRE ATT&CK® for ICS v14. This is part of a series of plugins that provide added threat emulation capability for Operational Technology (OT) environments.
Currently this plugin provides coverage for functions within the Profinet Discovery and Basic Configuration Protocol (DCP) service. DCP supports configuration of Profinet devices via link-layer communications. Profinet devices typically use DCP on system start-up to identify network addresses of target endpoints.
Full Profinet plugin documentation can be viewed as part of fieldmanual, once the Caldera server is running.
To run Caldera along with Profinet plugin:
- Download Caldera as detailed in the Installation Guide
- Install the Profinet plugin in Caldera's plugin directory:
caldera/plugins - Enable the Profinet plugin by adding
- profinetto the list of enabled plugins inconf/local.ymlorconf/default.yml(if running Caldera in insecure mode)
This plugin is compatible with Caldera v4.2.0 and v5.0.0. The latest version of Caldera can be checked out using the following method:
git clone --recursive https://github.com/mitre/caldera.git
Building of the Profinet plugin payloads has been tested as described here. See the corresponding plugin payload source code for further build information.
Testing of the binaries has occured on:
- Microsoft Windows 10 v21H2
- Ubuntu 22.04.2 LTS
For additional information on the Profinet plugin payload source code, please see this corresponding repository, which contains additional licensing and build guidance.
- Import the plugin, and optionally set up the required facts. Simplest method is to create a source with the Caldera UI.
- Start an operation, optionally using the fact source you set up.
- Use "Add Potential Link" to run a specific ability from this plugin. You can enter the fact values manually, or use the ones from your fact source.