Adversary Emulations Using Mitre Caldera and Wazuh EDR — Part II: Discovery

Intro

Discovery — Abilities Included

Adversary Emulation — Execution

Mitre Caldera — Discovery Atomic Tests
C2 Beacon and Command Executions
Mitre Caldera — Discovery Debrief

Events and Alerts

EDR — Sysmon Anomalies and Correlation Rule Triggered
PowerShell anomaly
C2 — EDR Communication

SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).