Agents

Install and Configure a Jackal

The following guide will show you how to install a Jackal on prem and modify configurations.

Jackals

Jackals are Method’s lightweight, deployable security agents that execute tools and workfllows on target systems. Installed agents enable assumed breach operations and on-prem assessments.

For additional details about Jackal infrastructure, see Jackals.

Install a Jackal

  1. Download the latest Jackal version by visiting the Method platform and navigating to Download Binaries (this will be [your-stack].method.delivery/agent/download) page and select the Jackal agent for your target platform.

  2. Copy the Jackal executable (either jackal or jackal.exe) to your working directory: cp ~Downloads/jackal .

  3. Make the Jackal executable chmod +x ./jackal (For MacOS)

  4. Run the exeuctable with no arguments to ensure that system protections are not going to block the Jackal.

System protections may block Jackal executable
  • For MacOS, click on System Settings > Privacy & Security > scroll down to Security and click Open Anyway.
Allow Jackal to open
  • On Windows, navigate to Windows Security > Virus & threat protection settings > and disable "Real-time protection"
Windows Security Settings
  1. Start the Jackal enrollment process by navigating to Admin > Jackals v1 > Enroll Jackal
Enroll a Jackal
  1. Select an environment for the Jackal and give it a name. Then click Enroll Jackal. For guidance on how to create an environment, see the Create a new Environment.
Enroll a new Jackal
  1. Take the output in the copy-able text box and use it as the command line arguments for the Jackal executable.
Jackal successfully enrolled
  1. Go back to your working directory, type ./jackal CLI arguments or ./jackal.exe CLI arguments from the Jackal instructions.
Copy the CLI command to begin running your Jackal
  1. Within two minutes, you will see a log that contains -----BEGIN CERTIFICATE-----
Log capturing certificate created

  1. Stop the Jackal and confirm that a config.yaml file was written.

  2. Restart the Jackal without any arguments to allow it to run in foreground mode (it will stop when the terminal is closed) or with --daemonize to run it as a daemon.

Configure a Jackal

Jackals can be configured against exfiltration, workflow execution control, and C2 parameters to modify levels of riskiness during an operation. Jackal configurations can be found in the Administration settings or in the Operation Objective pane in the Operator workspace.

Jackal configuration details
Jackal configuration interface