Train your Threat Hunting Skills

One of my best friends, my partner in conferences, books, family friend Milad Aslaner wrote a great PowerShell simulation which can help you train your Threat Hunting skills. The good news is its completley FREE , below are the details and download link :

Introduction

ThreatHunt is a simple PowerShell repository that allows you to train your threat hunting skills. ThreatHunt allows you to simulate a variety of attack techniques and procedures without leveraging malicious files. ThreatHunt is not an penetration system tool or framework but instead a very simply way to raise security alerts that help you to train your threat hunting skills.

Screenshot

Train your Threat Hunting Skills
Train your Threat Hunting Skills

Scenario

Let’s say you just got started in your career as a threat hunter or you are a threat hunter already but your organization got a new Endpoint Detection Response (EDR) or Security Information and Event Management (SIEM). In both cases you will want to have a safe harbour where you can raise security alerts and start analzying the data. This is where ThreatHunt can come handy as there are no malicious files but simply simulates tons of somewhat suspiscious activities.

Prerequisites

  1. ThreatHunt has been tested with Windows 10 1809+. However it is likely that it will work with most Windows 10 versions.
  2. Security tempering script is based on Microsoft Defender ATP suite (Attack Surface Reduction, Antivirus and Endpoint Detection Response (EDR)).
  3. ThreatHunt doesnt teach you hacking. Therefore for some scenarios you need to supply domain credentials (username, password), IP address ranges and O365 email credentials (e-mail address and password).

3rd-party Tools and Files

ThreatHunt installs and leverages some 3rd-party tools and files such as PSExec, NMAP, EICAR test files etc. All of these are subject to the license terms of the respective intellectual property owner.

Known Issues

  1. Cleanup.ps1 configures ASR rules into AuditMode. If ASR rules previously were Disabled please manually adjust.

Disclaimer

While there are no malicious files inside this GitHub repositroy its important to call out that you are responsible for your environment. Make sure to assess any tools you deploy wisely before using in production environments.

Some of the activities are very simplified. As an example one step is copying calc.exe under C:\Windows\System32 as mimikatz.exe to a network share. Again, this isnt about using malicious files but to simply generate noise that can be used to train threat hunting skills.

Download here : https://github.com/MiladMSFT/ThreatHunt.git

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

CISO

CISOs End to End Security Operations – ( Part 2) Powerful Tips

CISOs End to End Security Operations This is the second part of the article, you can read the first part from... read more
Cybersecurity Strategy for Cyber- Defenders by Erdal Ozkaya

Cybersecurity Strategy for Cyber Defenders – Free VIDE0

Cybersecurity Strategy for Cyber Defenders Hear Microsoft Cybersecurity Architect Dr Erdal Ozkaya discuss current threats and what to do with them.... read more

Recommended by Hacker News – 1

Recommended by Hacker News The Hacker News has just recommended, our book "Cybersecurity Attack and Defense Strategies" which we wrote with... read more
Vulnerability Scanner Tools

Top 10 Paid and Free Vulnerability Scanner Tools 2022

Top 10 Paid and Free Vulnerability Scanner Tools 2022 There are many tools that you can use to scan your organizations... read more
CISO -Cybersecurity Hero Erdal

CISO Challenges to learn from – Watch 4 Free

CISO Challenges to learn from - Watch 4 Free Watch in you Tube  https://youtu.be/0nOpEwMyAyY  https://www.youtube.com/watch?v=0nOpEwMyAyY       (more…) read more

Effective cybersecurity strategies -Learn 4 Free

Effective cybersecurity strategies With cybercrime on the rise, companies have started adopting the hard ways of preventing system breaches. Cybersecurity has... read more

Speaking at TechEd North America 14

Speaking at TechEd North America I am proud to announce I will be speaking at Microsoft TechEd North America this year... read more
Combatting cybercriminals GISEC Erdal Ozkaya

Combatting cybercriminals banking on financial vulnerabilities : GISEC Free Event 2020

Combatting cybercriminals banking on financial vulnerabilities Unprecedented 238% spike reported in cyberattacks against banks and financial institutions from February to April... read more
E-Crime and Cybersecurity Congress Congress Erdal Ozkaya

E-Crime and Cybersecurity Congress in Dubai (12th- join us Free )

E-Crime and Cybersecurity Congress in Dubai 10th March 2020 Securing citizens and stakeholders: Governments and corporations must provide next-generation service with security built... read more
SuperHero Erdal Ozkaya

New Normal and Tech Shift 2020 Free Online Summit

New Normal and Tech Shift 2020 Online Web Summit - Delivering a Session on Cybersecurity  Join us at the #newnormal and... read more