From 8cc27f2d1a317c6ecaecebb1833f58d9f73deace Mon Sep 17 00:00:00 2001 From: op7ic <3172590+op7ic@users.noreply.github.com> Date: Fri, 13 Jul 2018 16:24:13 +0100 Subject: [PATCH] Update README.md --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 49f57d3..03aebb8 100644 --- a/README.md +++ b/README.md 
@@ -1,13 +1,17 @@ # EDR-Testing-Script -This repository contains simple script to test your EDR solution against Mitre ATT&CK framework (with some extras). This project is very much in its infancy right now. Only a small subset of tests are presently added but more will be added later. Chances are this script will be redesigned to facilitate this in the future. +This repository contains simple script to test your EDR solution against few Mitre ATT&CK framework tests (with some extras). This project is very much in its infancy right now. Only a small subset of tests are presently added but more will be added later. Chances are this script will be redesigned to facilitate this in the future. It is written as a single batch script so it can be easily uploaded and run (as opposed to un-zipped, compiled and installed). It can run either as a normal user or as Administrator. -Right now this script only works on Windows. +Right now this script only works on Windows and should work with most security endpoint solutions. **How To** Run the script and observe alerts coming to your EDR console. Cross-verify these alerts to check if your EDR solution identified them correctly. Most tests will just execute calc.exe but it can be easily modified to try to download and exec i.e. Mimikatz. +**Why** + +Because it is hard to figured out how accurate EDR's are. Most endpoint solutions are sold as magic bullet for security but it is actually difficult to verify how much these products actually detect from the most common malicious techniques. [MITRE](https://attack.mitre.org/wiki/Main_Page) & [LOLBAS](https://github.com/api0cradle/LOLBAS) do pretty good job at mapping common tools and techniques which are being used by attackers out there to pivot, execute code and progress throught internal networks. The aim of this tool is to help to verify if these techniques are detected and contained at the endpoint. + **Tested On** * Windows 7 x86
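Review bot: the added lines in this hunk carry several typos and grammar slips that should be fixed before merging, and the new compatibility claim on the "Right now this script only works on Windows" line is broader than the README supports. In the first paragraph, "against few Mitre ATT&CK framework tests" should read "against a few Mitre ATT&CK framework tests". In the new **Why** section, "it is hard to figured out how accurate EDR's are" should be "it is hard to figure out how accurate EDRs are", "sold as magic bullet" should be "sold as a magic bullet", "do pretty good job" should be "do a pretty good job", and "throught" should be "through". The added "and should work with most security endpoint solutions" is an assertion nothing in the hunk backs up; since the script only opens calc.exe and the reader is told to cross-verify alerts manually, either drop that clause or soften it to something like "it is vendor-agnostic, but has only been verified against the platforms listed under **Tested On**" so the README does not promise coverage the project has not checked.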