Run Tests
Select Tests (0)
| Test | Risk | |
|---|---|---|
| [Discovery] User Discovery (whoami) | LOW | |
| [Discovery] Hostname | LOW | |
| [Discovery] IP Configuration | LOW | |
| [Discovery] System Information | LOW | |
| [Discovery] Network Connections | LOW | |
| [Discovery] Process List | LOW | |
| [Discovery] ARP Table | LOW | |
| [Discovery] Routing Table | LOW | |
| [Discovery] Local Users | MEDIUM | |
| [Discovery] Local Groups | MEDIUM | |
| [Discovery] Local Admins | MEDIUM | |
| [Discovery] Network Shares | LOW | |
| [Discovery] WMIC OS Info | MEDIUM | |
| [Discovery] WMIC Process | MEDIUM | |
| [Discovery] WMIC Services | MEDIUM | |
| [Discovery] Domain Trust Discovery | MEDIUM | |
| [Discovery] Security Software Discovery | MEDIUM | |
| [LOLBin] Certutil URL Download | HIGH | |
| [LOLBin] Certutil Decode | HIGH | |
| [LOLBin] BitsAdmin Download | HIGH | |
| [LOLBin] MSHTA Execution | HIGH | |
| [LOLBin] MSHTA URL Execution | HIGH | |
| [LOLBin] Regsvr32 Pattern (Squiblydoo) | HIGH | |
| [LOLBin] Rundll32 Pattern | HIGH | |
| [LOLBin] Rundll32 URL Execution | HIGH | |
| [LOLBin] MSIExec URL | HIGH | |
| [LOLBin] WScript Execution | MEDIUM | |
| [LOLBin] CScript Execution | MEDIUM | |
| [LOLBin] CMSTP Bypass | HIGH | |
| [PowerShell] PowerShell Encoded Command | HIGH | |
| [PowerShell] PowerShell Download Cradle (IEX) | HIGH | |
| [PowerShell] PowerShell Hidden WebClient | HIGH | |
| [PowerShell] PowerShell Bypass Execution Policy | HIGH | |
| [PowerShell] PowerShell Invoke-WebRequest | MEDIUM | |
| [PowerShell] PowerShell Reflection Load | HIGH | |
| [PowerShell] PowerShell Base64 Decode to File | HIGH | |
| [PowerShell] PowerShell AMSI Bypass Pattern | CRITICAL | |
| [PowerShell] PowerShell IEX with Wget | HIGH | |
| [PowerShell] PowerShell Process List | LOW | |
| [PowerShell] PowerShell Clipboard Access | MEDIUM | |
| [PowerShell] PowerShell Screenshot Test | MEDIUM | |
| [Credential] LSASS Process Access | CRITICAL | |
| [Credential] SAM Registry Access | HIGH | |
| [Credential] SECURITY Registry Access | HIGH | |
| [Credential] Cmdkey List | HIGH | |
| [Credential] Vault Query | HIGH | |
| [Credential] DPAPI Master Key Access | HIGH | |
| [Credential] Credentials Folder Enum | HIGH | |
| [Persistence] Registry Run Key Query | MEDIUM | |
| [Persistence] Registry RunOnce Query | MEDIUM | |
| [Persistence] Scheduled Tasks Query | MEDIUM | |
| [Persistence] Scheduled Task Creation | HIGH | |
| [Persistence] Service Creation Attempt | HIGH | |
| [Persistence] Startup Folder List | LOW | |
| [Persistence] WMI Persistence Check | MEDIUM | |
| [Defense Evasion] AMSI Bypass Strings | HIGH | |
| [Defense Evasion] ETW Bypass Strings | HIGH | |
| [Defense Evasion] Defender Disable Pattern | HIGH | |
| [Defense Evasion] Timestomping Pattern | MEDIUM | |
| [Defense Evasion] Hidden File Creation | MEDIUM | |
| [Defense Evasion] Alternate Data Stream | MEDIUM | |
| [Lateral Movement] PsExec Pattern | HIGH | |
| [Lateral Movement] WMI Process Create (Remote) | CRITICAL | |
| [Lateral Movement] WinRM Command Pattern | MEDIUM | |
| [Lateral Movement] Net View | MEDIUM | |
| [Lateral Movement] Net Session | MEDIUM | |
| [Lateral Movement] Net Use | MEDIUM | |
| [Lateral Movement] Remote Service Pattern | HIGH | |
| [Ransomware] Shadow Copy List | HIGH | |
| [Ransomware] Shadow Copy Delete Pattern | CRITICAL | |
| [Ransomware] BCDedit Pattern | HIGH | |
| [Ransomware] BCDedit Query | MEDIUM | |
| [Injection] Process Injection APIs | HIGH | |
| [Injection] DLL Injection Patterns | HIGH | |
| [Command & Control] DNS Exfiltration Test | MEDIUM | |
| [Command & Control] Beaconing Pattern | MEDIUM | |
| [Command & Control] Suspicious DNS Query | MEDIUM | |
| [File Operations] Sensitive File Access (SAM) | HIGH | |
| [File Operations] Sensitive File Access (SYSTEM) | HIGH | |
| [File Operations] Copy System File | MEDIUM | |
| [File Operations] File Attributes Query | LOW | |
| [Network] Ping Sweep | MEDIUM | |
| [Network] Firewall Status | MEDIUM | |
| [Network] WLAN Profiles | MEDIUM | |
| [Execution] Curl Download | MEDIUM | |
| [Execution] WMIC Process Call Create | CRITICAL | |
| [Execution] Office Macro Simulation | CRITICAL | |
| [Enumeration] Loaded Drivers | LOW | |
| [Enumeration] Environment Variables | LOW | |
| [Enumeration] Event Log Query | MEDIUM | |
| [LOLBin] Certutil Download | HIGH | |
| [LOLBin] BitsAdmin Download | HIGH | |
| [LOLBin] MSHTA Execution | HIGH | |
| [LOLBin] Regsvr32 Test | HIGH | |
| [Persistence] Registry Run Key | HIGH | |
| [Persistence] Scheduled Tasks Query | MEDIUM | |
| [Discovery] User Discovery | LOW | |
| [Discovery] System Information | LOW | |
| [Discovery] Network Connections | LOW | |
| [Discovery] Process List | LOW | |
| [Discovery] Network Configuration | LOW | |
| [Discovery] ARP Table | LOW | |
| [Execution] WMIC Process List | MEDIUM | |
| [Execution] WMIC OS Info | MEDIUM | |
| [File] File Copy Pattern | MEDIUM | |
| [File] File Attributes | LOW | |
| [Network] Net User Enum | MEDIUM | |
| [Network] Local Group Enum | MEDIUM | |
| [Network] Network Shares | LOW | |
| [Network] Network Sessions | LOW | |
| [Custom] Example Custom Test | LOW | |
| [Custom] Example Network Test | MEDIUM | |