Purple Teaming, SIEM Testing Scripts/Services

Vulnerability / 0-day Scripts

Simple scripts to test your Complex SIEM Rules

MOVEit 0-Day RCE

Test Defense Rules written to Detect exploitation of CVE-2023-3462

WS_FTP RCE

Test Defense Rules written to Detect exploitation of CVE-2023-40044

TeamCity RCE

Test Defense Rules written to Detect exploitation of CVE-2023-42791

Citrix Bleed

Test Defense Rules written to Detect exploitation of the Citrix Bleed vulnerability CVE-2023-4966

SysAid 0-day

Test Defense Rules written to Detect exploitation of the SysAid 0-Day vulnerability CVE-2023-47246

Ransomware/Malware TTP Scripts (Partial Detections)

Test Detection Rules designed to detect Exploitation behaviour of commodity malware

BlackCat/ALPHV Ransomware TTP

Test Defense Rules written to Detect usage of the 'Munchkin' Toolkit in your environment

LOLBins

Complete Package of products designed to test Detection Rules written for LOLBin usage (Regsvr32, MSHTA, Rundll32, Msiexec, 0dbcconf etc.)

Qakbot

Complete Package of products designed to test Detection Rules written for TTPs use by the Qakbot malware

Can be used to detect future exploitation attempts as well as attacker presence inside a company's environment if rules are run retroactively.

Purple Teaming, SIEM Testing Scripts/Services

Vulnerability / 0-day Scripts

MOVEit 0-Day RCE

WS_FTP RCE

TeamCity RCE

Citrix Bleed

SysAid 0-day

Ransomware/Malware TTP Scripts (Partial Detections)

BlackCat/ALPHV Ransomware TTP

LOLBins

Qakbot

Threat Actor / APT Group TTP Scripts (Partial Detections)

FIN7

CozyBear

Purple Teaming, SIEM Testing Scripts/Services

Vulnerability / 0-day Scripts

MOVEit 0-Day RCE

WS_FTP RCE

TeamCity RCE

Citrix Bleed

SysAid 0-day

Ransomware/Malware TTP Scripts (Partial Detections)

BlackCat/ALPHV Ransomware TTP

LOLBins

Qakbot

Threat Actor / APT Group TTP Scripts (Partial Detections)

FIN7

CozyBear

Cookies!