SOCFortress Attack Simulator

SOCFortress
Aug 3, 2022

Using Caldera to test your EDR Agent

EMAIL info@socfortress.co for FREE ACCESS

INTRO

It is paramount to ensure your EDR agents can detect malicious attacks. Rather than taking your vendor’s word for it, you can simulate a sophisticated attack with just a few clicks!

ACCESS

Email info@socfortress.co for free access.

Upon receiving your credentials, navigate to http://evil.socfortress.co:8888/

CALDERA Login Page

Log in with your credentials.

Deploy Agent

The sandcat agent is the “malicious” software that connects back to the command and control server (http://evil.socfortress.co:8888/) to receive its next steps. It must be invoked with either of the two commands below.

WINDOWS:

LINUX

VIA POWERSHELL

Verify your agent was installed and connected:
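The same check can be scripted against Caldera's REST API (`GET /api/v2/agents` with the API key in the `KEY` header) instead of the web UI. This is an added example, not code from the original post: the host names, timestamps and 30-second grace period are constructed, and the `last_seen` timestamp format is an assumption.

```python
import json
import urllib.request
from datetime import datetime, timezone

def fetch_agents(server, api_key):
    """Return the agent list from a Caldera server (not called in the demo below)."""
    req = urllib.request.Request(f"{server}/api/v2/agents", headers={"KEY": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def parse_ts(value):
    # Assumed format: UTC timestamp such as 2022-08-03T12:00:30Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def agent_status(agents, expected_hosts, now, grace=30):
    """Map each host you deployed to onto 'alive', 'stale' or 'missing'."""
    status = {h.lower(): "missing" for h in expected_hosts}
    for a in agents:
        host = a.get("host", "").lower()
        if host not in status:
            continue
        age = (now - parse_ts(a["last_seen"])).total_seconds()
        # An agent checks in at least every sleep_max seconds; allow some slack.
        state = "alive" if age <= a.get("sleep_max", 60) + grace else "stale"
        # A host may have several agent records; one live agent is enough.
        if state == "alive" or status[host] == "missing":
            status[host] = state
    return status

# Constructed sample in the shape of an /api/v2/agents response (not real output).
SAMPLE = [
    {"paw": "aaaaaa", "host": "WIN10-LAB", "sleep_max": 60, "last_seen": "2022-08-03T12:00:30Z"},
    {"paw": "bbbbbb", "host": "ubuntu-lab", "sleep_max": 60, "last_seen": "2022-08-03T11:40:00Z"},
    {"paw": "cccccc", "host": "other-box", "sleep_max": 60, "last_seen": "2022-08-03T12:00:50Z"},
]
NOW = parse_ts("2022-08-03T12:01:00Z")

if __name__ == "__main__":
    print(agent_status(SAMPLE, ["WIN10-LAB", "ubuntu-lab", "db01"], NOW))
```

A host reported as `missing` never checked in, which usually means the agent was blocked or never ran; `stale` means it connected once and then stopped beaconing.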

LAUNCH AN ATTACK

Create an operation

Run the operation:

VIEW YOUR ALERTS WITHIN THE SOCFORTRESS PLATFORM (or others)

For a closer look, see our attack blog post: https://socfortress.medium.com/detecting-apt29-with-socfortress-33c82b9ba14d

HAPPY DEFENDING :)


Written by SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).