Cheat sheet when designing offensive code
Source: https://raw.githubusercontent.com/OTRF/API-To-Event/master/images/API-to-Sysmon.svg
#redteam #sysmon
Source: https://raw.githubusercontent.com/OTRF/API-To-Event/master/images/API-to-Sysmon.svg
#redteam #sysmon
📒Simulating attacks with Sysmon
SysmonSimulator is an Open source Windows event simulation utility created in C language, that can be used to simulate most of the attacks using WINAPIs. This can be used by Blue teams for testing the EDR detections and correlation rules. I have created it to generate attack data for the relevant Sysmon Event IDs.
Attack coverage:
— Process Events
— File Events
— Named Pipes Events
— Registry Actions
— Image Loading
— Network Connections
— Create Remote Thread
— Raw Access Read
— DNS Query
— WMI Events
— Clipboard Capture
— Process Image Tampering
Research:
https://rootdse.org/posts/understanding-sysmon-events/
Tool:
https://github.com/ScarredMonk/SysmonSimulator
#sysmon #simulator #blueteam #lab
SysmonSimulator is an Open source Windows event simulation utility created in C language, that can be used to simulate most of the attacks using WINAPIs. This can be used by Blue teams for testing the EDR detections and correlation rules. I have created it to generate attack data for the relevant Sysmon Event IDs.
Attack coverage:
— Process Events
— File Events
— Named Pipes Events
— Registry Actions
— Image Loading
— Network Connections
— Create Remote Thread
— Raw Access Read
— DNS Query
— WMI Events
— Clipboard Capture
— Process Image Tampering
Research:
https://rootdse.org/posts/understanding-sysmon-events/
Tool:
https://github.com/ScarredMonk/SysmonSimulator
#sysmon #simulator #blueteam #lab
👍9