NodeZero Host is a Docker host that runs the NodeZero container. Think of it as the starting point for an attacker. You decide where you want the Attacker’s Perspective to start and drop a NodeZero Host there. This host has to be running prior to the operation in order to download and execute NodeZero, and must continue running during the operation. Once the operation is complete, you are free to shutdown or remove the host from the network.
If a different distribution is desired contact the H3 team to determine suitability. It is likely that most distributions will run NodeZero without issue, we just haven’t written checks or validated all of them.
Ideal Host System Requirements
UPDATE: We have identified intermittent problems running NodeZero on macOS Big Sur (11.x) due to a Docker Engine issue within Docker Desktop for Mac. When the operation starts, it may not be able to communicate outbound to the Internet from within the Docker container. We are working to resolve this problem and will provide updates as soon as possible. In order to run an operation when this problem arises, we recommend using a virtual machine (such as with VirtualBox, etc.) configured with the required specs (noted below).
- Machine Specifications
- 2 CPU (physical or virtual)
- 8GB RAM
- 20 GB free HDD space
- Operating System
- Ubuntu Linux 16.x, 18.x, 20.x, or higher (also Debian)
- Redhat Linux 7.x, 8.x, or higher (also CentOS, Fedora)
- Synology NAS 6.2, 7.0
- Other Linux distributions (if Docker supports them)
- Windows 10 with WSL2 (limited NodeZero functionality)
- macOS 10.x (limited NodeZero functionality)
- Network Access (See Connectivity Requirements below for more specific information)
- HTTPS:443 access to AWS SQS, Cognito, S3, and ECR
- Docker installed (most recent version)
- See Docker installation instructions below
The brains of your personal ethical hacker lives in a single-use architecture in the cloud. We call it
NodeZero host needs access to Core over https:443 in order to communicate with it. Think of this communication as the central nervous system. Your brain, must send messages to your hands and your hands need to send feedback to your brain so that it can analyze and decide the next best action.
- From a Service perspective,
NodeZeromust be able to communicate with
Core. We currently utilize AWS SQS, Cognito, and S3 over HTTPS:443. This is NOT used as part of the assessment and must be allowed.
- Assessment Perspective: Do NOT modify your environment.
NodeZerois not like any other service or tool. If you wouldn’t modify it for an attacker, don’t modify it for
NodeZero…If your firewall is configured to block your marketing VLAN from reaching your finance VLAN, leave it.
NodeZerowill VERIFY that is actually happening.
If your environment connects to the internet via a proxy, this will affect
NodeZero's ability to communicate out. Contact us to facilitate compatibility.
Outbound Network Access
Uninterrupted network access to the following endpoints is required during the entire operation
- cognito-identity.us-east-2.amazonaws.com (over HTTPS port 443)
- cognito-idp.us-east-2.amazonaws.com (over HTTPS port 443)
- sqs.us-east-2.amazonaws.com (over HTTPS port 443)
- *.queue.amazonaws.com (over HTTPS port 443)
- *.ecr.us-east-2.amazonaws.com (over HTTPS port 443)
- *.s3.us-east-2.amazonaws.com (over HTTPS port 443)
- *.s3.amazonaws.com (over HTTPS port 443)
- *.interacth3.io (over HTTP port 80 – Note no sensitive information of any kind is transmitted over this channel)
- *.docker.io (over HTTPS port 443)
- *.docker.com (over HTTPS port 443)
- api.horizon3ai.com (over HTTPS port 443)
It is possible to run NodeZero through a proxy if necessary. Contact your Horizon3.ai representative for more details.
Inbound Network Access
The following ports should be opened on the NodeZero host/VM to allow traffic in:
- TCP 21, 23, 25, 53, 80, 88, 110, 135, 139, 143, 389, 443, 445, 587, 1433, 3389, 8080
- UDP 69
This is required on the NodeZero host. This does not pertain to perimeter firewalls.
“Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and deploy it as one package. By doing so, thanks to the container, the developer can rest assured that the application will run on any other Linux machine regardless of any customized settings that machine might have that could differ from the machine used for writing and testing the code.”
To install docker on Ubuntu, perform the following steps:
sudo su apt-get update apt-get install docker-ce docker-ce-cli containerd.io
NOTE: On Ubuntu version 20.04, replace the above command
apt-get install docker-ce docker-ce-cli containerd.io with
sudo apt-get install -y docker.io
You can get more information on installing docker engine for different operating systems in the docker documentation.
Once the installation is complete, validate your
NodeZero host is ready to run operations by running the
NodeZero environment validation script (preferred).
Run the following command to run the script:
curl https://h3ai-web.s3.amazonaws.com/checkenv.sh | bash
The output should look similar to the following:
# curl https://h3ai-web.s3.amazonaws.com/checkenv.sh | bash % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 18646 100 18646 0 0 61134 0 --:--:-- --:--:-- --:--:-- 61134 [#] This script validates the environment is ready to run NodeZero. [#] Checking Operating System: [+] PASSED: macOS is a supported Operating System. [#] Gathering environmental variables to conduct further checks: [+] PASSED: All environmental variables set and proceeding with next checks. [#] Checking Docker functionality by running the hello-world test container: [+] PASSED: Docker is installed and functioning properly. [#] Checking Docker permissions to volume mount files from /Users/test/test directory: [+] PASSED: Docker permissions are correct for the /Users/test/test directory location. [#] Checking connectivity to AWS resources: [+] PASSED: s3.us-east-2.amazonaws.com is reachable. [#] Checking 6GB HDD space requirements: [+] PASSED: There is enough space for the NodeZero container: 34.0386GB [#] Checking memory requirements: [+] PASSED: This system has 32GB RAM which meets the recommended minimum to support NodeZero. [#] Checking compute resource requirements: [+] PASSED: This system has 20 CPUs which meets the minimum logical CPU requirements to run NodeZero. [#] Script complete. If any checks failed, correct and re-run before attempting to 'Run a Pen Test'. If all checks passed, the environment is NodeZero ready. If there are warnings, the environment is still NodeZero ready and you may choose to accept or correct the warnings.
If you run into any Failures, contact us via our chat icon in the lower right hand corner of the portal, or shoot us a message at email@example.com.