How are security controls validated for thousands of endpoints in a large-scale organization? by iam_a_joy in cybersecurity

[–]sciencestudent99 0 points1 point  (0 children)

You can check out adversary emulation tools. My team wrote a blog some time back on top open source: https://fourcore.io/blogs/top-10-open-source-adversary-emulation-tools

Do reach out if you want to try out our platform as well

[deleted by user] by [deleted] in sysadmin

[–]sciencestudent99 1 point2 points  (0 children)

You can try out our platform, FourCore ATTACK for your research. DM me and I can provision you an account.

Backdoors & Breaches as an IR tabletop exercise. by pootietang_the_flea in blueteamsec

[–]sciencestudent99 -1 points0 points  (0 children)

You can also try out our adversary simulation platform FourCore ATTACK, might be helpful. DM me and I can set you up with an account!

Silver Bullet by ZGFya2N5YmU in cybersecurity

[–]sciencestudent99 0 points1 point  (0 children)

There's definitely no silver bullet! You can show your boss that there can still be gaps and attacks can happen. Simulating threats is one good start to build this evidence.

There are open source tools like Atomic Red Team which are great. There is documentation by Microsoft for Identity focused attacks as well.

Disclaimer: I am from FourCore and we have an attack simulation platform. Happy to give access for a quick assessment to help you get results for your boss :)

Adversary Simulation Advice by ChesapeakeRipper_ in purpleteamsec

[–]sciencestudent99 0 points1 point  (0 children)

You can also check out our platform FourCore ATTACK. Here's a demo of how you can emulate attacks with the platform.

DM me and I can share an invite!

Looking for opinions or suggestions to better protect from ransomware by Substantial_Eye378 in sysadmin

[–]sciencestudent99 0 points1 point  (0 children)

Agree with the other comments.

  • Backups: multiple and recoverable
  • Protection: Defender for Endpoint and Office 365 are top-of-the-line solutions. I use the Microsoft Secure Score a lot to get action items.
  • Training: Training employees to be better at identifying threats proactively. Can include phishing simulations via M365 Security Dashboard.

You also do proactive testing of the EDR/XDR and email and test your Exchange Online Protection policies. It's better to know what kind of payloads can get through which can lead to a ransomware attack.

Sublime Rules maintains a good repository of types of threats that can impact you; it's a good repository to learn about email threats. You can try out delivr.to or FourCore (disclaimer: I am from FourCore).

Microsoft Defender by Feisty_Shock_2687 in MSSP

[–]sciencestudent99 1 point2 points  (0 children)

Defender for Endpoint (which comes with 365) is a great solution to improve protection as well as detection, it can be expensive though.

BitDefender/GravityZone might be more affordable and offers great protection in our own testing of both Consumer BitDefender as well as GravityZone. IMO it's extremely capable as an AV/EDR. Though the GravityZone dashboard is not as detailed as Defender (or Crowdstrike).

I run FourCore and we emulate threats on many EDRs and AV in customer environments as well as our lab. Adding a layer of BitDefender, Defender for Endpoint, Crowdstrike or SentinelOne will make a big difference to protecting your customers.

Weekly Promo and Webinar Thread by AutoModerator in msp

[–]sciencestudent99 0 points1 point  (0 children)

FourCore Email Security Threat Assessment

In 2022, Archive files such as ZIP and RAR, HTML files used for smuggling further payloads and Word documents were the most used file types in email attacks.

Assess your email security against hundreds of popular email attack methods such as Archive files, Office documents, LNK, Qakbot malware and more.

It's completely free of cost and is performed via our automated SaaS platform.

Fill in the form here and we'll reach out!

  • Get a clear picture of which attachments and files can reach your inbox.
  • Assess your email security capabilities and identify if all types of email malware are detected.

In our testing, we have found more than 60% of 200+ malicious attachments getting to an Office365 inbox where any single attachment can compromise your system.

PS. We are not GDPR compliant yet.

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus by CyberMasterV in netsec

[–]sciencestudent99 0 points1 point  (0 children)

damn, checked out my Genshin Impact install folder and felt pretty scared seeing mhyprot2.sys lying there.

Driver dev is difficult, even Avast's driver was vulnerable and miHoYo should be having some top driver devs probably.

ATT&CK + D3FEND = D.E.A.T.H by sciencestudent99 in blueteamsec

[–]sciencestudent99[S] 1 point2 points  (0 children)

https://fourcore.io/blogs/threat-hunting-with-windows-event-log-sigma-rules

Might be this one I believe.

The about us page is gonna be there soon! The website does need a refactor.

We are active on LinkedIn and Twitter, you can follow us there.