Skip to content

Commit

Permalink
update readme
Browse files Browse the repository at this point in the history
  • Loading branch information
@op7ic
op7ic committed Jul 16, 2018
1 parent eb3b7dd commit 62986ce
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# EDR-Testing-Script

This repository contains simple script to test your EDR solution against few Mitre ATT&CK framework tests (with some extras). This project is very much in its infancy right now. Only a small subset of tests are presently added but more will be added later. Chances are this script will be redesigned to facilitate this in the future. It is written as a single batch script so it can be easily uploaded and run (as opposed to un-zipped, compiled and installed). It can run either as a normal user or as Administrator.
This repository contains simple script to test EDR solutions against few Mitre ATT&CK framework tests (with some extras). This project is very much in its infancy right now. Only a small subset of tests are presently added but more will be added later. Chances are this script will be redesigned to facilitate this in the future. It is written as a single batch script so it can be easily uploaded and run (as opposed to un-zipped, compiled and installed). It can run either as a normal user or as Administrator however not giving it high privilages will fail some tests.

Right now this script only works on Windows and should work with most security endpoint solutions.

Expand All @@ -10,7 +10,7 @@ Run the script and observe alerts coming to your EDR console. Cross-verify these

**Why**

Because it is hard to figured out how accurate EDR's are. Most endpoint solutions are sold as magic bullet for security but it is actually difficult to verify how much these products actually detect from the most common malicious techniques. [MITRE](https://attack.mitre.org/wiki/Main_Page) & [LOLBAS](https://github.com/api0cradle/LOLBAS) do pretty good job at mapping common tools and techniques which are being used by attackers out there to pivot, execute code and progress through internal networks. The aim of this tool is to help and verify if the use of tools and techniques is indeed detected by your endpoint solution.
Because it is hard to figured out how accurate EDR's are. Most endpoint solutions are sold as magic bullet for security but it is actually difficult to verify how much these products actually detect from the most common malicious techniques. [MITRE](https://attack.mitre.org/wiki/Main_Page) & [LOLBAS](https://github.com/api0cradle/LOLBAS) do pretty good job at mapping common tools and techniques which are being used by attackers out there to pivot, execute code and progress through internal networks. The aim of this tool is to help and verify if the use of tools and techniques is indeed detected by endpoint solution.

**Weaponization**

Expand Down

0 comments on commit 62986ce

Please sign in to comment.