APTSimulator
#1
APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised.

Use Cases
POCs: Endpoint detection agents / compromise assessment tools
Test your security monitoring's detection capabilities
Test your SOC's response to a threat that isn't EICAR or a port scan
Prepare an environment for digital forensics classes

Motives
Customers tested our scanners in a POC and sent us a complaint that our scanners didn't report on programs that they had installed on their test systems. They had installed Nmap, dropped a PsExec.exe in the Downloads folder and placed an EICAR test virus on the user's Desktop. That was the moment when I decided to build a tool that simulates a real threat in a more appropriate way.

Why Batch?
Because it's simple: Everyone can read, modify or extend it
It runs on every Windows system without any prerequisites
It is closest to a real attacker working on the command line

Focus
The focus of this tool is to simulate adversary activity, not malware.

https://github.com/NextronSystems/APTSimulator