Portfolio

Our Portfolio

SIEM Rule Testing with Custom Scripts

We specialize in creating custom scripts designed specifically for your environment. Whether you need to validate SIEM rules, simulate attack scenarios, or fine-tune detection capabilities, our custom scripts ensure your security operations are optimized for the most critical and emerging threats.

Our custom scripting services enable you to:

Test and optimize SIEM rules based on your unique infrastructure.
Simulate real-world attack techniques mapped to the MITRE ATT&CK framework.
Strengthen your SOC’s detection and response capabilities.
Stay ahead of evolving threats with tailored solutions for your security needs.

Our Product Portfolio

While our custom scripts (PowerShell/Batch/Bash/Python) provide tailored solutions, we also offer a wide range of pre-built SIEM rule testing products. These serve as examples of the kind of solutions we can create for your organization, each mapped to specific techniques in the MITRE ATT&CK framework.

| Technique | MITRE ATT&CK | Description |
| --- | --- | --- |
| COM Hijacking | Persistence | Hijacking the Component Object Model to persist malicious code |
| SvchostMasquerading | Defense Evasion | Malicious code disguised as the legitimate svchost.exe |
| ClearWindowsLogs | Defense Evasion | Deleting Windows event logs to erase traces of malicious activity |
| ControlPanelRegistry | Persistence | Modifying registry keys associated with the Control Panel for persistence |
| SystemInformationDiscovery | Discovery | Querying system information to understand the environment |
| VSSDelete | Impact | Backup deletion to avoid organizational system restore options |
| CredentialDumpingKnownUtilities | Credential Access | Using known Windows utilities to extract credentials from a system |
| Regsvr32ChildProcess | Defense Evasion | Executing malicious child processes via regsvr32 |
| LinuxBinaryShellBreakout | Execution | Abuse of Linux binaries to break out of a restricted shell |
| RegistryHiveDump | Credential Access | Dumping registry hives to extract sensitive information |
| ForfilesIndirectCommandExecution | Execution | Executing commands indirectly via forfiles |
| LOLBins (9 unique binary usage scripts) | Execution | Usage of 9 different unique LOLBins |
| InMemoryReflection | Defense Evasion | Loading and executing code directly in memory to evade detection |
| Process Injection | Defense Evasion | Injecting malicious code into legitimate processes |
| LSASS Dumping | Credential Access | Dumping Windows credentials from LSASS |
| SysAid 0-day | Execution | Exploitation of CVE-2023-47246 |
| BlackCat/ALPHV Ransomware TTPs | Ransomware | Techniques used by the BlackCat ransomware group in mainstream cyberattacks |
| CitrixBleed 0-day (CVE-2023-4966) | Execution | Detects exploitation of CVE-2023-4966 |
| TeamCity RCE (CVE-2023-42793) | Execution | Tests rules that detect exploitation of CVE-2023-42793 |
| WS_FTP RCE (CVE-2023-40044) | Execution | Tests rules that detect exploitation of CVE-2023-40044 |
| Qakbot TTPs (5 scripts) | Malware | Tests detection rules written to detect TTPs of the Qakbot malware family |
| MOVEit 0-day (CVE-2023-34362) | Execution | Tests rules that detect exploitation of CVE-2023-34362 |
| WindowsDefenderTampering | Defense Evasion | Tampering with Windows Defender to disable protections |
| LinuxETCPersistence | Discovery | Modifying /etc files to maintain persistence in Linux environments |
| LinuxKernelUnload | Privilege Escalation | Loading or unloading unauthorized Linux kernels |
| LinuxWildcardInjection | Execution | Execution of Linux commands with flags that could indicate wildcard injection |

These tests can be used to detect future exploitation attempts, as well as attacker presence inside a company’s environment if the rules are run retroactively.

These are just a few examples from our wide-ranging portfolio. If you’re looking for a specific test or attack simulation, our team can design and implement custom scripts to meet your exact needs. Whether it’s tuning existing rules or building entirely new detection scenarios, we ensure your SIEM system is always prepared.

MITRE ATT&CK Categories

Persistence: Techniques that ensure attackers maintain their foothold.
Defense Evasion: Methods used to avoid detection by security defenses.
Lateral Movement: Techniques that allow attackers to move within a network.
Credential Access: Techniques aimed at stealing account credentials.
Discovery: Methods used to gain knowledge of the system or network.
Impact: Techniques that compromise the integrity or availability of systems.
Execution: Running malicious code on a system.
Privilege Escalation: Gaining higher-level permissions within a system.
Command and Control: Communicating with compromised systems to control them remotely.

Your challenges are unique, and so are our solutions.

Let us develop custom scripts that address your specific security goals, ensuring that your SIEM is always a step ahead.

Enhance Your Security Today

Consult our experts to streamline your security operations and maximize efficiency.