SOCFortress Attack Simulator

Using Caldera to test your EDR Agent

EMAIL info@socfortress.co for FREE ACCESS

INTRO

It is paramount to ensure your EDR agents can detect malicious attacks. Rather than taking your vendor’s word for it, you can simulate a sophisticated attack with just a few clicks!

ACCESS

Email info@socfortress.co for free access.

Upon receiving your credentials, navigate to http://evil.socfortress.co:8888/

Login with your credentials.

Deploy Agent

The sandcat agent will be the “malicious” software that will connect back to the command and control server (http://evil.socfortress.co:8888/) to receive next steps. This will need to be invoked via by either of the two below commands.

WINDOWS:

LINUX

Verify your agent was installed and connected:

LAUNCH AN ATTACK

Create an operation

Run the operation:

VIEW YOUR ALERTS WITHIN THE SOCFORTRESS PLATFORM (or others)

View our attack blog post to observe further: https://socfortress.medium.com/detecting-apt29-with-socfortress-33c82b9ba14d

HAPPY DEFENDING :)

EMAIL info@socfortress.co for FREE ACCESS

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).