Preparing use cases and attack scenarios is becoming the first step before even purchasing a security solution, whether that is an anti-virus, a network intrusion detection and prevention system, or a SIEM. The test will simulate an attack, raise some fake alerts, or simply scan the network and endpoints. The most important thing is to be sure that the correct alarms are in place; after that you can document an alarm classification. If you are looking for automated testing, you can check APTSimulator.

APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools, APT Simulator is designed to be as simple as possible. You don't need to run a web server, a database, or any agents on a set of virtual machines. Just download the prepared archive, extract it, and run the contained Batch file as Administrator. Running APT Simulator takes less than a minute of your time.

Use Cases

  • POCs: Endpoint detection agents / compromise assessment tools
  • Test your security monitoring’s detection capabilities
  • Test your SOC's response to a threat that isn't EICAR or a port scan
  • Prepare an environment for digital forensics classes
There is a large list of test cases that allows the user to check the following:

  1. Collection, for example dropping a directory listing
  2. Command and Control, such as curl requests to C2 servers
  3. Credential Access using Mimikatz and other methods
  4. Defense Evasion, for example activating the guest account on a Windows system or adding the guest user to the local admin group
  5. Discovery, which runs a scan with predefined settings.
  6. Execution, where the script drops a remote execution tool to the working directory.
  7. Persistence, by creating a job that runs Mimikatz and dumps credentials to a file, or by scheduling a task.
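
The point of running such a list is to confirm that each category actually raises an alarm, and then to record how each alarm is classified. The following is an added example, not code from this post or from the APT Simulator project: a small detection check in Python that runs over constructed Windows Security event records (shaped like what a SIEM would ingest after a run) and reports which categories from the list above fired and which still have no rule. The event IDs are the standard Windows ones (4722 account enabled, 4732 member added to a local group, 4698 scheduled task created, 4688 process created); the field names, sample values and the severity labels are simplified assumptions for the example.

```python
"""
Added example (not part of the original post or of APT Simulator): map
constructed Windows Security events to the APT Simulator test categories,
so you can verify the expected alarms fire and document a classification.

Event IDs used (standard Windows Security log):
  4722 - a user account was enabled
  4732 - a member was added to a security-enabled local group
  4698 - a scheduled task was created
  4688 - a new process has been created
Field names are simplified for the example (assumption, not a SIEM schema).
"""
from dataclasses import dataclass

# Constructed sample events; the "admin" user, task name and URL are made up.
SAMPLE_EVENTS = [
    {"EventID": 4722, "TargetUserName": "Guest", "SubjectUserName": "admin"},
    {"EventID": 4732, "TargetUserName": "Administrators", "MemberName": "Guest"},
    {"EventID": 4698, "TaskName": "\\credential_dump", "SubjectUserName": "admin"},
    {"EventID": 4688, "NewProcessName": "C:\\Windows\\System32\\curl.exe",
     "CommandLine": "curl.exe http://c2.example.invalid/beacon"},
    {"EventID": 4688, "NewProcessName": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe"},
    {"EventID": 4624, "TargetUserName": "admin"},  # benign logon, must not alarm
]

# The seven categories exercised by the test list in this post.
EXPECTED_CATEGORIES = {
    "Collection", "Command and Control", "Credential Access",
    "Defense Evasion", "Discovery", "Execution", "Persistence",
}


@dataclass(frozen=True)
class Alarm:
    category: str   # APT Simulator test category the alarm belongs to
    severity: str   # classification to document in the runbook (assumed labels)
    event_id: int
    detail: str


def classify(event):
    """Return an Alarm for a single event, or None if no rule matches."""
    eid = event.get("EventID")
    if eid == 4722 and event.get("TargetUserName", "").lower() == "guest":
        return Alarm("Defense Evasion", "high", eid, "Guest account enabled")
    if (eid == 4732 and event.get("TargetUserName") == "Administrators"
            and event.get("MemberName", "").lower().endswith("guest")):
        return Alarm("Defense Evasion", "high", eid,
                     "Guest added to local Administrators")
    if eid == 4698:
        return Alarm("Persistence", "medium", eid,
                     f"Scheduled task created: {event.get('TaskName')}")
    if eid == 4688:
        exe = event.get("NewProcessName", "").rsplit("\\", 1)[-1].lower()
        if exe == "curl.exe" and "http" in event.get("CommandLine", "").lower():
            return Alarm("Command and Control", "medium", eid,
                         "curl to an external URL")
    return None


def run_detections(events):
    """Run every rule over the event stream and collect the alarms raised."""
    return [a for a in (classify(e) for e in events) if a is not None]


def coverage_gaps(alarms, expected=EXPECTED_CATEGORIES):
    """Categories from the test plan that produced no alarm: each needs a rule."""
    return sorted(expected - {a.category for a in alarms})


if __name__ == "__main__":
    alarms = run_detections(SAMPLE_EVENTS)
    for a in alarms:
        print(f"[{a.severity:6}] {a.category:20} (event {a.event_id}): {a.detail}")
    print("categories without an alarm:", coverage_gaps(alarms) or "none")
```

Run against the constructed events, the script raises four alarms (two Defense Evasion, one Persistence, one Command and Control) and lists Collection, Credential Access, Discovery and Execution as categories with no rule yet; those gaps are exactly what you want to know before relying on the monitoring, and the severity column is the start of the alarm classification document.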

The use case that is still not implemented and covered by APTSimulator is lateral movement. You can read more and download the tool from here: https://github.com/NextronSystems/

