SOCFortress Attack Simulator
Using Caldera to test your EDR Agent
EMAIL info@socfortress.co for FREE ACCESS
INTRO
It is paramount to ensure your EDR agents can detect malicious attacks. Rather than taking your vendor’s word for it, you can simulate a sophisticated attack with just a few clicks!
ACCESS
Email info@socfortress.co for free access.
Upon receiving your credentials, navigate to http://evil.socfortress.co:8888/
Log in with your credentials.
Deploy Agent
The sandcat agent will be the “malicious” software that connects back to the command and control server (http://evil.socfortress.co:8888/) to receive its next steps. It needs to be invoked with either of the two commands below.
WINDOWS:
LINUX
Verify your agent was installed and connected:
LAUNCH AN ATTACK
Create an operation
Run the operation:
VIEW YOUR ALERTS WITHIN THE SOCFORTRESS PLATFORM (or others)
View our attack blog post to observe further: https://socfortress.medium.com/detecting-apt29-with-socfortress-33c82b9ba14d
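To cross-check from the network side that the sandcat agent's callbacks to the command and control server were recorded, the following added example (not part of the original post or of Caldera) scans web proxy logs for regular connections to evil.socfortress.co:8888. The log format, workstation names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

C2_HOST, C2_PORT = "evil.socfortress.co", 8888  # C2 address stated on this page

# Constructed sample proxy log (assumed format: ISO time, source host, method, URL).
SAMPLE_LOG = """\
2024-01-10T09:00:00 ws-014 POST http://evil.socfortress.co:8888/beacon
2024-01-10T09:01:02 ws-014 POST http://evil.socfortress.co:8888/beacon
2024-01-10T09:01:58 ws-014 POST http://evil.socfortress.co:8888/beacon
2024-01-10T09:03:01 ws-014 POST http://evil.socfortress.co:8888/beacon
2024-01-10T09:04:00 ws-014 POST http://evil.socfortress.co:8888/beacon
2024-01-10T09:10:00 ws-022 GET http://evil.socfortress.co:8888/
2024-01-10T09:45:30 ws-022 GET http://evil.socfortress.co:8888/
2024-01-10T09:02:10 ws-030 GET http://example.com/index.html
"""

def c2_callbacks(log_text):
    """Map each source host to the sorted times it contacted the C2 host:port."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _method, url = line.split(maxsplit=3)
        u = urlsplit(url)
        port = u.port or (443 if u.scheme == "https" else 80)
        if (u.hostname or "").lower() == C2_HOST and port == C2_PORT:
            hits[src].append(datetime.fromisoformat(ts))
    return {src: sorted(times) for src, times in hits.items()}

def beacon_report(log_text, min_hits=4, max_jitter=0.25):
    """Flag hosts whose callbacks are frequent and regular enough to be an agent."""
    report = {}
    for src, times in c2_callbacks(log_text).items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps) if gaps else 0.0
        jitter = pstdev(gaps) / avg if avg else 0.0  # relative spread of intervals
        report[src] = {
            "hits": len(times),
            "avg_interval_s": round(avg, 1),
            "beaconing": len(times) >= min_hits and jitter <= max_jitter,
        }
    return report

if __name__ == "__main__":
    for src, row in beacon_report(SAMPLE_LOG).items():
        print(src, row)
```

A host that only opened the web console a couple of times (ws-022 in the sample) is listed but not flagged, while the host with steady callbacks is.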
HAPPY DEFENDING :)