
AttackIQ Flex – Using and Assessing Your Security

03/19/2024

We always look and care about whether we are really protected against the most common and sophisticated attacks.

MITRE has a very interesting tool with attack kits, which is AttackIQ Flex, available at https://www.attackiq.com/

What is AttackIQ Flex

A set of tools to simulate attacks, with several attack simulations separated into groups, each with instructions you can follow.

The packages are divided into free ones and paid ones, the latter purchased with credits that can be bought within the tool itself.

These tools are important since Microsoft no longer has the native Attack Simulator feature in the suite (Microsoft Defender for Endpoint evaluation lab | Microsoft Learn).

Example: EDR Test Package

When you download the EDR package, simply run its content and 27 different attacks will be simulated, such as CryptoInject, Petya, WannaCrypt, Diamond and others.

Run the script, which executes each of the 27 simulated attacks step by step. Keep in mind that these are simulators: they do not encrypt anything or actually carry out the attack, but generate the signals that an EDR should natively identify in order to prevent the attack from being carried out:

The EDR should instantly alert the user that the attacks have been blocked and the files quarantined or reported:

Once the run completes, a zip file is generated with the test results; upload it to the AttackIQ Flex website, which generates a very detailed executive report:

Defender for Endpoint EDR Protection Result

And how did Defender for Endpoint, Microsoft’s EDR solution, fare in testing?

VERY WELL, THANK YOU!!!!!

It detected all 27 attacks with a 100% score, generated alerts and a single aggregated incident for the workstation attacked in the simulation, and the Sentinel integration detailed the actions.

As mentioned, Defender identified that the endpoint suffered a sequence of attacks and generated 27 alerts and a single incident:

And as my environment is integrated, Sentinel received all the alerts to be handled by the SOC, with details of the entities involved for decision-making:
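A way to verify the same result on the Sentinel side, as an added KQL example that is not part of the original post or of AttackIQ's materials: it lists the Defender for Endpoint alerts raised on the simulation workstation during the run and shows how Sentinel grouped them into incidents. The hostname `WKSTN-SIM-01` and the 4-hour window are constructed placeholders; the table and column names (`SecurityAlert`, `SecurityIncident`, `AlertIds`, `SystemAlertId`, `CompromisedEntity`) are the standard Sentinel schema.

```kql
// Added example (not from the original post): correlate the simulation alerts
// with the Sentinel incidents they were grouped into.
let simHost = "WKSTN-SIM-01";   // constructed placeholder: the workstation that ran the simulator
let simStart = ago(4h);         // assumed window: adjust to when the package was executed
let simEnd = now();
// Defender for Endpoint alerts on the test host, latest state of each alert
let simAlerts = SecurityAlert
    | where TimeGenerated between (simStart .. simEnd)
    | where ProductName == "Microsoft Defender Advanced Threat Protection"
    | where CompromisedEntity =~ simHost
    | summarize arg_max(TimeGenerated, *) by SystemAlertId
    | project SystemAlertId, AlertName, AlertSeverity, Tactics;
// Latest state of each incident, expanded to one row per alert it contains
SecurityIncident
| where TimeGenerated between (simStart .. simEnd + 1d)   // incidents keep updating after the alerts
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| mv-expand AlertId = AlertIds to typeof(string)
| join kind=inner simAlerts on $left.AlertId == $right.SystemAlertId
| summarize AlertCount = dcount(SystemAlertId),
            AlertNames = make_set(AlertName),
            TacticsSeen = make_set(Tactics)
          by IncidentNumber, Title, Severity, Status
| order by AlertCount desc
```

For a run like the one described above, the expected output is a single incident row for the host with an `AlertCount` of 27. Several rows for the same host mean the alerts were split across incidents, which is worth reviewing before the SOC starts handling them; zero rows usually means the window, the hostname, or the Defender for Endpoint connector is the problem rather than detection itself.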

Conclusion

Defender for Endpoint did very well, as expected.

The AttackIQ Flex toolkit proved to be efficient and comprehensive with an extensive catalog of categories and different simulators.
