Security Onion - SIMGA - Atomic Red Team
Рет қаралды 864
Күн бұрынIn this video I'll demo how you can use Atomic Red Team scripts to test Security Onion Playbook Rules via SIMGA. The Onion sees all!
-Dumping Creds
-Malicious scheduled tasks
-Account creation
SIGMA is very powerful! Combined with Playbook in Security Onion the flexibility is endless! Hope you all enjoy!
#AtomicRedTeam
#SecurityOnion
github.com/red...
@SkreenGG 2 жыл бұрын
Great video! Dude, you are a man blessed with vision. I would never have thought of using ART to help test/tune detection plays. This is awesome! Want to pick your brain at some point about osquery
@cyberlabz 2 жыл бұрын
Thanks! All I need to do is figure out how to make better videos! ART has opened me opened up to creating more SIGMA rules which currently are not in Playbook. I hope to demo that in my next video. Stay tuned!
@SkreenGG 2 жыл бұрын
I had issues running ART in my lab but I placed the folder with all the attacks on defenders exclusion list and it worked better
@cyberlabz 2 жыл бұрын
Definitely disable Defender! The ability to choose a specific tactic, test, and repeat makes this a great tuning methodology.
Cyber Peachh
Рет қаралды 10 М.
Attack Detect Defend (rot169)
Рет қаралды 11 М.