ThreatHunt is a simple PowerShell repository that allows you to train your threat hunting skills. ThreatHunt allows you to simulate a variety of attack techniques and procedures without leveraging malicious files. It is not a penetration system tool or framework but instead a very simple way to raise security alerts that help you to train your threat hunting skills.
Let’s say you just got started in your career as a threat hunter or you are a threat hunter already but your organization got a new Endpoint Detection Response (EDR) or Security Information and Event Management (SIEM). In both cases, you will want to have a safe harbor where you can raise security alerts and start analyzing the data. This is where ThreatHunt can come handy as there are no malicious files but simply simulates tons of somewhat suspicious activities.
- ThreatHunt has been tested with Windows 10 1809+. However, it is likely that it will work with most Windows 10 versions.
- Security tempering script is based on Microsoft Defender ATP suite (Attack Surface Reduction, Antivirus and Endpoint Detection Response (EDR)).
- ThreatHunt doesn’t teach you hacking. Therefore for some scenarios you need to supply domain credentials (username, password), IP address ranges and O365 email credentials (e-mail address and password).
git clone https://github.com/MiladMSFT/ThreatHunt.git
Copyright (c) 2019 Milad Aslaner
The post ThreatHunt: PowerShell repository to train your threat hunting skills appeared first on Penetration Testing.