SIEM Rule Testing with Custom Scripts
We specialize in creating custom scripts designed specifically for your environment. Whether you need to validate SIEM rules, simulate attack scenarios, or fine-tune detection capabilities, our custom scripts ensure your security operations are tuned against the most critical and emerging threats.
Our custom scripting services enable you to:
Test and optimize SIEM rules based on your unique infrastructure.
Simulate real-world attack techniques mapped to the MITRE ATT&CK framework.
Strengthen your SOC’s detection and response capabilities.
Stay ahead of evolving threats with tailored solutions for your security needs.
Our Product Portfolio
While our custom scripts (PowerShell/Batch/Bash/Python) provide tailored solutions, we also offer a wide range of pre-built SIEM rule testing products. These serve as examples of the kind of solutions we can create for your organization, each mapped to specific techniques in the MITRE ATT&CK framework.
| Technique | MITRE ATT&CK Category | Description |
|---|---|---|
| COM Hijacking | Persistence | Hijacking the Component Object Model to persist malicious code. |
| SvchostMasquerading | Defense Evasion | Malicious code disguised as the legitimate svchost.exe. |
| ClearWindowsLogs | Defense Evasion | Deleting Windows event logs to erase traces of malicious activity. |
| ControlPanelRegistry | Persistence | Modifying registry keys associated with the Control Panel for persistence. |
| SystemInformationDiscovery | Discovery | Querying system information to understand the environment. |
| VSSDelete | Impact | Deleting backups to defeat the organization's system restore options. |
| CredentialDumpingKnownUtilities | Credential Access | Using known Windows utilities to extract credentials from a system. |
| Regsvr32ChildProcess | Defense Evasion | Executing malicious child processes via regsvr32. |
| LinuxBinaryShellBreakout | Execution | Abuse of Linux binaries to break out of a restricted shell. |
| RegistryHiveDump | Credential Access | Dumping registry hives to extract sensitive information. |
| ForfilesIndirectCommandExecution | Execution | Executing commands indirectly via forfiles. |
| LOLBins (9 unique binary usage scripts) | Execution | Usage of 9 different LOLBins, one script per binary. |
| InMemoryReflection | Defense Evasion | Loading and executing code directly in memory to evade detection. |
| Process Injection | Defense Evasion | Injecting malicious code into legitimate processes. |
| LSASS Dumping | Credential Access | Dumping Windows credentials from LSASS. |
| SysAid 0-day | Execution | Exploitation of CVE-2023-47246. |
| BlackCat/ALPHV Ransomware TTPs | Ransomware | Techniques used by the BlackCat ransomware group in mainstream cyberattacks. |
| CitrixBleed 0-day (CVE-2023-4966) | Execution | Detects exploitation of CVE-2023-4966. |
| TeamCity RCE (CVE-2023-42793) | Execution | Tests rules that detect exploitation of CVE-2023-42793. |
| WS_FTP RCE (CVE-2023-40044) | Execution | Tests rules that detect exploitation of CVE-2023-40044. |
| Qakbot TTPs (5 scripts) | Malware | Tests detection rules written to detect TTPs of the Qakbot malware family. |
| MOVEit 0-day (CVE-2023-34362) | Execution | Tests rules that detect exploitation of CVE-2023-34362. |
| WindowsDefenderTampering | Defense Evasion | Tampering with Windows Defender to disable protections. |
| LinuxETCPersistence | Discovery | Modifying /etc files to maintain persistence in Linux environments. |
| LinuxKernelUnload | Privilege Escalation | Loading or unloading unauthorized Linux kernels. |
| LinuxWildcardInjection | Execution | Execution of Linux commands with flags that could indicate wildcard injection. |
These are just a few examples from our wide-ranging portfolio. If you’re looking for a specific test or attack simulation, our team can design and implement custom scripts to meet your exact needs. Whether it’s tuning existing rules or building entirely new detection scenarios, we ensure your SIEM is always prepared.
MITRE ATT&CK Categories
Persistence: Techniques that ensure attackers maintain their foothold.
Defense Evasion: Methods used to avoid detection by security defenses.
Lateral Movement: Techniques that allow attackers to move within a network.
Credential Access: Techniques aimed at stealing account credentials.
Discovery: Methods used to gain knowledge of the system or network.
Impact: Techniques that compromise the integrity or availability of systems.
Execution: Running malicious code on a system.
Privilege Escalation: Gaining higher-level permissions within a system.
Command and Control: Communicating with compromised systems to control them remotely.
Your challenges are unique, and so are our solutions.