Dead simple to set up. Seems solid operationally. About to use it on a Purple Team exercise for DNS C2 detections.

Sliver | BishopFox

github.com/BishopFox/sliver

@ghostrodeo This tool is on my list for the same purpose, as well. So. Many. Toys. I was planning on doing a compare and contrast with a couple of other frameworks, as well. I'm a bit n00bish, so I may be biting off more than I can chew.

@scottlink nice. I need to take Mythic for a spin as well. It will get interesting when it comes time to bypass EDRs :)

@ghostrodeo Yeah. Also a test for any UEBA/ML type tooling. I fully expect EDR to catch out-of-the-box with signatures, but it's gotta be tested. I'm in the process of finding a counterpart on the SOC team to work with to make the exercise 'purple': "Okay, here's the basic config. Didja see it? Okay, let's try w/some obfuscation...", etc.

@scottlink exactly. Purple Teaming with the SOC is immediate value. No waiting for a report. Detections are in place before you walk out the door. It’s my favorite. I agree. The key is getting the SOC on board and excited. They are so used to us vs them.
