Senior Design Team sdmay19-19 • Offensive Security Orchestration
Problem Statement
With the current trends in computer security, companies are no longer trying simply to find and patch as many vulnerabilities as they can. Instead, they want to hire security specialists who can test not only the security of their systems but also their detection and response capabilities.
Therefore it is critical that a red team operation be able to simulate a real-world attack as closely as possible, so that clients learn how mature their security program actually is.
Currently our client has to develop each implant by hand and then deploy it in multiple environments to determine which of the implant's functions will be identified by endpoint detection and response (EDR) solutions.
Also, because they depend on prebuilt tools such as Cobalt Strike, they are often detected: those tools already have detection signatures written for them.
In response, our team aims to provide a custom solution that is not signatured by any current EDR solution.
Furthermore, we strive to automate as much of the platform as possible so that our client can deploy and tear down the project on command.
Finally, we are creating an automated way to test payloads in an environment and retrieve the identifiers that each payload leaves behind.
This will give our client the opportunity to discover what modifications each payload makes to an operating system, and let them know which actions are most likely to trigger an alert from an EDR solution.
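To make concrete what "retrieving the identifiers a payload leaves" means on the filesystem side, here is an added example (not the sdmay19-19 project's own code): it takes a baseline snapshot of a directory tree, takes a second snapshot after the test run, and reports which files were added, removed or modified. The tree, its files and the simulated changes are all constructed inside a temporary directory so the script runs offline; a real harness would point `snapshot()` at the paths of interest on the test VM before and after detonation.

```python
"""Added example (not the sdmay19-19 project's code): snapshot a directory
tree before and after running something, then diff the two snapshots to
list files that were added, removed or modified. All paths and file
contents below are constructed for the demonstration."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root, '/'-separated) to a
    (size, sha256) pair so the comparison is independent of where the
    tree lives and of the platform path separator."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            state[rel] = (os.path.getsize(full), digest.hexdigest())
    return state


def diff_snapshots(before, after):
    """Return sorted lists of added, removed and modified relative paths.
    A file counts as modified when its size or content hash changed."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(
        p for p in set(before) & set(after) if before[p] != after[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Build a throwaway tree, take a baseline, simulate the kind of
    changes a test payload might make (a dropped file, an edited config,
    a deleted log), and return the resulting diff. Constructed data only."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "var", "log"))
        with open(os.path.join(root, "etc", "app.conf"), "w") as fh:
            fh.write("debug=0\n")
        with open(os.path.join(root, "var", "log", "app.log"), "w") as fh:
            fh.write("started\n")
        before = snapshot(root)

        # Simulated effects of the payload under test (constructed).
        with open(os.path.join(root, "etc", "app.conf"), "w") as fh:
            fh.write("debug=1\n")
        with open(os.path.join(root, "var", "persist.dat"), "wb") as fh:
            fh.write(b"\x00" * 16)
        os.remove(os.path.join(root, "var", "log", "app.log"))
        after = snapshot(root)

        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The output of `demo()` is the list of artifacts a detection engineer would turn into file-based indicators, and the same before/after pattern extends to registry keys, services, scheduled tasks and process listings by swapping the collector in `snapshot()`.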