This batch script checks your EDR system's detection and response capabilities in a deliberately noisy way. Wait until the EDR testing script has finished its jobs, then check the event logs of your existing (or candidate) EDR. You can use this script when evaluating various EDR and NTA products. Run the script in administrator mode. Because it is noisy by design, run it on a test host or during an agreed test window so the resulting alerts are not mistaken for a real intrusion. Test your existing infrastructure first, then write the detection and response rules you are missing. Forward the detected event logs to your SIEM and SOAR systems so that automated actions can be taken and threats hunted if an APT group tries to steal your data and money. I will add more scripts of different kinds to this project's GitHub repository so you can test your systems with them. Some security products have blind spots : )
You can't defend. You can't prevent. The only thing you can do is detect and respond.
Bruce Schneier
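As an added example (it is not the EDR_Tester batch script itself and not code from any of the projects linked below), here is a small PowerShell harness that follows the procedure above: it runs a handful of noisy but harmless reconnaissance commands taken from the JPCERT list of commands abused by attackers, then queries the host's own process-creation telemetry (Sysmon Event ID 1 and Security Event ID 4688) to see which of them left a trace. The command set, the ATT&CK technique tags and the function names are my own choices; the script assumes Windows PowerShell 5.1 or later, an elevated prompt, and that "Audit Process Creation" is enabled on the host.

```powershell
# Added example, not the EDR_Tester batch script itself.
# Runs a few noisy-but-harmless reconnaissance commands from the JPCERT list,
# then checks whether the host actually produced process-creation telemetry
# (Sysmon Event ID 1 and/or Security Event ID 4688) for each of them.
# Assumptions: Windows PowerShell 5.1+, run from an elevated prompt, and
# "Audit Process Creation" enabled (command-line auditing optional).

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Each case is tagged with the ATT&CK technique it exercises (my own mapping)
# so that the alerts raised by the EDR can be tied back to a technique.
$TestCases = @(
    @{ Technique = 'T1033'; Cmd = 'whoami.exe';     Args = '/all' }
    @{ Technique = 'T1082'; Cmd = 'systeminfo.exe'; Args = '' }
    @{ Technique = 'T1057'; Cmd = 'tasklist.exe';   Args = '/v' }
    @{ Technique = 'T1087'; Cmd = 'net.exe';        Args = 'user' }
    @{ Technique = 'T1016'; Cmd = 'ipconfig.exe';   Args = '/all' }
    @{ Technique = 'T1049'; Cmd = 'netstat.exe';    Args = '-ano' }
    @{ Technique = 'T1047'; Cmd = 'wmic.exe';       Args = 'process get name,processid' }
)

function Invoke-EdrNoise {
    param([Parameter(Mandatory)][hashtable[]]$Cases)
    # Record the start a few seconds early so that clock skew between the
    # run and the event timestamps does not hide the first event.
    $since = (Get-Date).AddSeconds(-5)
    foreach ($case in $Cases) {
        # Start each binary as its own process so the sensor sees one
        # distinct process-creation event per technique.
        $startArgs = @{ FilePath = $case.Cmd; Wait = $true; WindowStyle = 'Hidden' }
        if ($case.Args) { $startArgs.ArgumentList = $case.Args }
        Start-Process @startArgs
    }
    return $since
}

function Get-ProcessCreationEvents {
    param([Parameter(Mandatory)][datetime]$Since)
    $filters = @(
        @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1;    StartTime = $Since }
        @{ LogName = 'Security';                             Id = 4688; StartTime = $Since }
    )
    foreach ($filter in $filters) {
        # A missing Sysmon log or zero matches is reported as an error by
        # Get-WinEvent; both simply mean "no telemetry from this source".
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    }
}

function Test-EdrTelemetry {
    param(
        [Parameter(Mandatory)][hashtable[]]$Cases,
        [Parameter(Mandatory)][datetime]$Since
    )
    $events = @(Get-ProcessCreationEvents -Since $Since)
    foreach ($case in $Cases) {
        # The image name appears in both 4688 ("New Process Name") and Sysmon
        # ("Image"); the arguments only appear when command-line logging is on.
        $byImage   = @($events  | Where-Object { $_.Message -like "*$($case.Cmd)*" })
        $byCmdLine = @($byImage | Where-Object { $case.Args -eq '' -or $_.Message -like "*$($case.Args)*" })
        [pscustomobject]@{
            Technique     = $case.Technique
            Command       = "$($case.Cmd) $($case.Args)".Trim()
            ProcessLogged = $byImage.Count -gt 0
            CmdLineLogged = $byCmdLine.Count -gt 0
            Sources       = ($byImage | ForEach-Object { $_.ProviderName } | Sort-Object -Unique) -join ', '
        }
    }
}

if (-not (Test-IsAdministrator)) {
    throw 'Run from an elevated prompt: reading the Security log requires administrator rights.'
}

$since = Invoke-EdrNoise -Cases $TestCases
Start-Sleep -Seconds 5   # give the sensors a moment to flush events to the log
Test-EdrTelemetry -Cases $TestCases -Since $since | Format-Table -AutoSize
```

Two caveats when reading the table. A row with ProcessLogged true but CmdLineLogged false usually means Security event 4688 is enabled without the "Include command line in process creation events" policy, so a rule that keys on arguments (for example `net user` versus plain `net`) has nothing to match. And the EDR's own alerts live in the vendor console, not in the Windows event log: what this harness proves is whether the host telemetry that EDR and SIEM rules consume was produced at all. Do not clear the event logs after a run (the clearing technique in the references) before they have been forwarded to the SIEM, since that erases the evidence you are trying to review and is itself an indicator-removal action worth detecting (Security event 1102, "The audit log was cleared").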
#References:
https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
https://github.com/op7ic/EDR-Testing-Script
https://github.com/api0cradle/LOLBAS/tree/master/OSBinaries
https://lolbas-project.github.io/
https://atomicredteam.io/
https://attack.mitre.org/
https://infosecarsenal.blogspot.com/
https://www.tutorialspoint.com/batch_script/batch_script_commands.htm
https://www.tenforums.com/tutorials/16588-clear-all-event-logs-event-viewer-windows.html
https://blog.netspi.com/10-evil-user-tricks-for-bypassing-anti-virus/
http://petprog.blogspot.com/2012/08/a-canonical-list-of-windows-service.html
https://www.gartner.com/reviews/market/endpoint-detection-and-response-solutions
https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage
https://attack.mitre.org/groups/
https://www.slideshare.net/HuyKha2/different-ttps-on-attacking-active-directory-170540818
https://www.symantec.com/blogs/threat-intelligence/wmic-download-malware
https://attack.mitre.org/techniques/T1059/
https://www.carbonblack.com/2018/08/27/threat-analysis-recent-attack-technique-leveraging-cmd-exe-and-powershell-demonstrates-how-attackers-are-using-trusted-microsoft-applications-for-malicious-behavior/
https://blog.huntresslabs.com/attackers-abuse-trust-with-indirection-e8addc1ba8f
https://github.com/AhmetHan/EDR_Tester/blob/master/README.md
https://ired.team/offensive-security-experiments/offensive-security-cheetsheets
https://www.windowscentral.com/how-create-and-run-batch-file-windows-10
https://github.com/jlawhon/RedTeamFieldManualScripts
https://github.com/psychsecurity/Red-Team-Infrastructure
https://www.carbonblack.com/cbfeeds/suspicious_feed.xhtml
https://github.com/emilyanncr/Windows-Post-Exploitation#post-exploitation-techniques-and-commands
https://www.puckiestyle.nl/windows-privilege-escalation/