
AhmetHan/EDR_Tester

EDR_Tester

This batch script checks your EDR system's detection and response capabilities in a noisy way. Wait until the EDR testing script finishes its jobs, then check the log events in your existing or future EDR. You can use this script when you are testing various EDR and NTA products. Run the script in administrator mode. Test your existing infrastructure, then write correct detection and response rules. Send the detected event logs to your SIEM and SOAR systems, then take automated actions and hunt for threats in case an APT organization wants to steal your data and money. I will add other kinds of scripts to this repository so you can test your systems with them. Some security products have blind spots : )

Note: If you are testing in a real domain environment, change the abc.local domain name in all fields to your local domain name.

References:

https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

https://github.com/op7ic/EDR-Testing-Script

https://github.com/api0cradle/LOLBAS/tree/master/OSBinaries

https://lolbas-project.github.io/

https://atomicredteam.io/

https://attack.mitre.org/

https://infosecarsenal.blogspot.com/

https://www.tutorialspoint.com/batch_script/batch_script_commands.htm

https://www.tenforums.com/tutorials/16588-clear-all-event-logs-event-viewer-windows.html

https://blog.netspi.com/10-evil-user-tricks-for-bypassing-anti-virus/

http://petprog.blogspot.com/2012/08/a-canonical-list-of-windows-service.html

https://www.gartner.com/reviews/market/endpoint-detection-and-response-solutions

https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage

https://attack.mitre.org/groups/

https://www.slideshare.net/HuyKha2/different-ttps-on-attacking-active-directory-170540818

https://www.symantec.com/blogs/threat-intelligence/wmic-download-malware

https://attack.mitre.org/techniques/T1059/

https://www.carbonblack.com/2018/08/27/threat-analysis-recent-attack-technique-leveraging-cmd-exe-and-powershell-demonstrates-how-attackers-are-using-trusted-microsoft-applications-for-malicious-behavior/

https://blog.huntresslabs.com/attackers-abuse-trust-with-indirection-e8addc1ba8f

https://github.com/AhmetHan/EDR_Tester/blob/master/README.md

https://ired.team/offensive-security-experiments/offensive-security-cheetsheets

https://www.windowscentral.com/how-create-and-run-batch-file-windows-10

https://github.com/jlawhon/RedTeamFieldManualScripts

https://github.com/psychsecurity/Red-Team-Infrastructure

https://www.carbonblack.com/cbfeeds/suspicious_feed.xhtml

https://github.com/emilyanncr/Windows-Post-Exploitation#post-exploitation-techniques-and-commands

https://www.puckiestyle.nl/windows-privilege-escalation/
