Raspberry Pi Dropbox

by Vince
in Blog

If you found yourself reading this article, you probably already know what a dropbox is, but to summarize, it's a piece of hardware that is either overtly or covertly planted on the network. This particular model that I've constructed uses a Raspberry Pi Zero running Raspbian Lite. In the diagram below, my dropbox is sitting on the customer network. It uses OpenVPN and calls home to our C2 server. Logging into our C2 server, we can then SSH back into our dropbox, bypassing all of the security measures. What we do next depends on the engagement, and this post is about the setup of the dropbox.


Terraform EC2 Instance

by Vince
in Blog

Before I jump into the post, let's get a definition: "Terraform is an open-source infrastructure as code software tool created by HashiCorp. It enables users to define and provision a datacenter infrastructure using a high-level configuration language known as HashiCorp Configuration Language, or optionally JSON."

We use AWS mostly and a little bit of DigitalOcean. The majority of the instances are created from the GUI, but I've been working on a project that requires the spin-up and shutdown of similar servers, and that's where Infrastructure as Code comes in handy.


doskey Alias Alerts

by Vince
in Blog

It's hard to describe this in the subject line, but how many times have you been on a Windows system and typed a *nix command? Or on a *nix system and typed a Windows command? One could assume that an attacker might do something similar, and we could take advantage of that mistake. First, we'll need to alias some commands like ifconfig and ls with doskey. Our macro file looks like this:
