ATTACKIQ Scenarios 

New Service: Creating a Windows service in order to retain access to a compromised system is a common approach. Service creation is also a common method of escalating privileges from Administrator to SYSTEM. Identifying what services are running on a given system.

MITRE ATT&CK Tech ID: T1050

Create Account: Achieving persistence is among the first steps an attacker takes once they have access to a system. One way to do this is to create a new account on the system that is known only to the attacker.

MITRE ATT&CK Tech ID: T1136

Process Discovery: Understanding the environment once a system has been compromised is one of the first things attackers do in order to identify the security controls in place, the attack surface, and so on. Being able to detect when this type of reconnaissance is happening is key to detecting threats.

MITRE ATT&CK Tech ID: T1057

System Network Config Discovery: After a successful compromise of a machine on an internal network, the next step is typically to try to compromise neighboring machines. To do so, attackers collect information about the network configuration of the compromised asset in order to start drawing a picture of the network topology.

This scenario uses the tools provided with the operating system to obtain the information available about the network configuration.

MITRE ATT&CK Tech ID: T1016

Malicious Traffic Through Proxy: Proxies are commonly used by threat actors to hide the final destination of a communication, or to make the communication flow follow trusted paths. A proxy is software that sets up a listening port and forwards the traffic arriving on it to another port, typically on a different host.

This scenario sends malicious traffic to an AttackIQ server, which in this case acts as the proxy of a malicious organization that hides its real Command and Control server behind proxies.

MITRE ATT&CK Tech ID: T1090

Spectre and Meltdown Patch Check: This scenario validates whether specific patches for the Spectre and Meltdown vulnerabilities, which rely on speculative-execution side-channel attacks, are installed. The patches tested in this scenario are...

Launched 01.03.2018


Spectre POC Exploit: This scenario runs a Proof of Concept exploit for the Spectre vulnerability...

Launched 01.03.2018