firedrill is a malware simulation harness for evaluating your security controls

firedrill 🧯

Malware simulation harness. Build native binaries for Windows, Linux and Mac simulating malicious behaviours. Test the effectiveness of your endpoint security controls against malware.

Usage

  • Requires Go 1.17+, GNU make.

Windows

$ make ransomware
$ ransomware.exe

Linux/bash

$ GOOS=windows make ransomware

Ransomware Simulation

The ransomware simulation lives in cmd/ransomware. You can build it using make ransomware or download the binary from the latest release here.

This simulation involves three tasks, in this order, which is typical of ransomware:

  • Encryption of files on the filesystem (only test files dropped by the binary and ).
  • Dropping a ransom note on the desktop.
  • Changing the system wallpaper through registry keys (and restoring it after some time).

The simulation is designed to be safe and does not perform any destructive actions on the system.
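
The following Go example is added here and is not firedrill's own code: it checks endpoint telemetry for the three-step sequence above, in order, per process, which is the kind of correlation a control under test would need to make. The Event schema, the sample data, the ".txt file on the Desktop" note heuristic and the HKCU\Control Panel\Desktop\Wallpaper value are assumptions, since the page does not name the note file or the registry keys.

```go
package main

import (
	"fmt"
	"strings"
)

// Event is a simplified telemetry record (hypothetical schema, not a real EDR format).
type Event struct {
	PID    int
	Kind   string // "file_write" or "reg_set"
	Target string // file path or registry value path
}

// Per-user wallpaper registry value on Windows (assumed), lower-cased for comparison.
const wallpaperValue = `hkcu\control panel\desktop\wallpaper`

// Detect returns PIDs that rewrote at least minFiles files, then wrote a .txt
// file under a Desktop folder, then set the wallpaper value (events in time order).
func Detect(events []Event, minFiles int) []int {
	files, stage := map[int]int{}, map[int]int{}
	var hits []int
	for _, e := range events {
		t := strings.ToLower(e.Target)
		note := e.Kind == "file_write" && strings.Contains(t, `\desktop\`) && strings.HasSuffix(t, ".txt")
		switch {
		case stage[e.PID] == 0 && note && files[e.PID] >= minFiles:
			stage[e.PID] = 1 // bulk rewrite followed by a note-like file
		case stage[e.PID] == 0 && e.Kind == "file_write":
			files[e.PID]++
		case stage[e.PID] == 1 && e.Kind == "reg_set" && t == wallpaperValue:
			stage[e.PID] = 2 // full sequence observed, report once
			hits = append(hits, e.PID)
		}
	}
	return hits
}

// Sample returns constructed events: PID 100 shows the full sequence, PID 200 only sets the wallpaper.
func Sample() []Event {
	ev := []Event{{200, "reg_set", `HKCU\Control Panel\Desktop\Wallpaper`}}
	for i := 0; i < 5; i++ {
		ev = append(ev, Event{100, "file_write", fmt.Sprintf(`C:\Users\test\Documents\f%d.docx`, i)})
	}
	return append(ev,
		Event{100, "file_write", `C:\Users\test\Desktop\README.txt`},
		Event{100, "reg_set", `HKCU\Control Panel\Desktop\Wallpaper`})
}
func main() { fmt.Println(Detect(Sample(), 5)) }
```

A wallpaper change on its own (PID 200 in the sample) is not reported; only the ordered combination is.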

Owner
FourCore Labs
We are a security startup working on offensive security.
Similar Resources

Sqreen's Application Security Management for the Go language

Sqreen's Application Security Management for Go After performance monitoring (APM), error and log monitoring it's time to add a security component int

Dec 27, 2022

A scalable overlay networking tool with a focus on performance, simplicity and security

What is Nebula? Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect comp

Dec 29, 2022

How to systematically secure anything: a repository about security engineering

How to Secure Anything Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In

Jan 5, 2023

Convenience of containers, security of virtual machines

Convenience of containers, security of virtual machines With firebuild, you can build and deploy secure VMs directly from Dockerfiles and Docker image

Dec 28, 2022

MQTT security testing tool (MQTT Security Tools)

Dec 21, 2022

gosec - Golang Security Checker

Inspects source code for security problems by scanning the Go AST.

Jan 2, 2023

One Time Passwords (OTPs) are a mechanism to improve security over passwords alone.

otp: One Time Password utilities Go / Golang Why One Time Passwords? One Time Passwords (OTPs) are a mechanism to improve security over passwords alo

Jan 7, 2023

a collection of security projects

security projects A collection of security projects that I worked on from UC Berkeley's security course (cs 161) taught by Nick Weaver. Project 1 (Exp

Nov 8, 2021

A scanner for running security-related configuration checks such as CIS benchmarks

Localtoast Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner. The scan

Dec 15, 2022
Comments
  • Adding Ransomware Generic Behavior

    The Ransomware Generic behavior takes random files from user's desktop and downloads folder and encrypts them in a target folder left on the user's desktop. It also changes the wallpaper and leaves a ransom note.

Related tags
Go binary that finds .EXEs and .DLLs on the system that don't have security controls enabled

Go Hunt Weak PEs Go binary that finds .EXEs and .DLLs on the system that don't have security controls enabled (ASLR, DEP, CFG etc). Usage $ ./go-hunt-

Oct 28, 2021
Harness Drone/CIE SonarQube Plugin with Quality Gateway

Harness Drone/CIE SonarQube Plugin with Quality Gateway The plugin of Harness Drone/CIE to integrate with SonarQube (previously called Sonar), which i

Nov 16, 2022
Web-Security-Academy - Web Security Academy, developed in GO

Feb 23, 2022
GoPhish by default tips your hand to defenders and security solutions. T

GoPhish by default tips your hand to defenders and security solutions. The container here strips those indicators and makes other changes to hopefully evade detection during operations.

Jan 4, 2023
Dec 28, 2022
HTTP middleware for Go that facilitates some quick security wins.

Secure Secure is an HTTP middleware for Go that facilitates some quick security wins. It's a standard net/http Handler, and can be used with many fram

Jan 3, 2023
Gryffin is a large scale web security scanning platform.

Gryffin (beta) Gryffin is a large scale web security scanning platform. It is not yet another scanner. It was written to solve two specific problems w

Dec 27, 2022
set of web security test cases and a toolkit to construct new ones

Webseclab Webseclab contains a sample set of web security test cases and a toolkit to construct new ones. It can be used for testing security scanners

Jan 7, 2023
PHP security vulnerabilities checker

Local PHP Security Checker The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with know

Jan 3, 2023
Tracee: Linux Runtime Security and Forensics using eBPF

Tracee is a Runtime Security and forensics tool for Linux. It is using Linux eBPF technology to trace your system and applications at runtime, and analyze collected events to detect suspicious behavioral patterns.

Jan 5, 2023