Administration Guide

MITRE ATT&CK v10+ Breach simulation cookbook

ATT&CK abilities

To view ATT&CK abilities, go to ATT&CK v10+ > Maintenance > View Abilities. The Viewing Abilities page shows the atomic actions that the adversary is allowed to perform. Steps are the main way in which you can change the behavior of your adversary. Double-click any ability to see its details, such as the executor, payloads, and command.

These attacks are updated according to subscription services.

ATT&CK v10+ has a rich variety of different techniques, as can be seen below.

To run a MITRE ATT&CK case:

  1. Download the lightweight Windows agents onto the hosts.

    Administrative rights are required to install FortiAgent on Windows.

  2. Go to Maintenance > Resources to find the agents and download the one for use. These are installed under FortiAgent folders. Note: Administrative rights are required to install the agent.

  3. Download conf.yml and put conf.yml in "C:\Users\Public\".

  4. The installation service will bring up the command box. Run the following command to install FortiAgent:

    fortiagent-windows.exe --startup auto --username xxxxx --password xxxxx install

    Run the following command to start FortiAgent:

    fortiagent-windows.exe start

  5. After agents are installed they will appear under Monitor > Agent Monitor in FortiTester.

  6. Now install the second agent on the Windows server.

  7. Go to Maintenance > Resources to download the agents onto your PC, then go to the FortiAgent folder and install it.

  8. After FortiAgent is successfully started on the target hosts, it is listed on the Agent Monitor page on FortiTester (ATT&CK v10+ > ATT&CK Cases > Monitor).
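The install and start commands from step 4, wrapped in preflight checks for the two prerequisites the steps name (administrative rights and conf.yml in C:\Users\Public\). This is an added example, not Fortinet's own script; it assumes fortiagent-windows.exe is in the current directory and that a non-zero exit code means failure.

```powershell
# Added example: preflight checks around the two FortiAgent commands from step 4.
$ErrorActionPreference = 'Stop'
$agent = Join-Path (Get-Location) 'fortiagent-windows.exe'  # assumed location of the download
$conf  = 'C:\Users\Public\conf.yml'                         # path given in step 3

# The install needs administrative rights: stop early if the session is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

# Both the agent binary and conf.yml must be in place before installing.
foreach ($path in @($agent, $conf)) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Required file not found: $path"
    }
}

# Record the binary's hash so later endpoint alerts on this file can be tied to the test.
$hash = (Get-FileHash -LiteralPath $agent -Algorithm SHA256).Hash
Write-Host "Agent SHA256: $hash"

# Prompt for the account instead of typing the password into the script or shell history.
# The password is still passed as a command-line argument, as in step 4, so it is
# visible in the process command line while the install runs.
$cred = Get-Credential -Message 'Account for the FortiAgent --username / --password options'
$pass = $cred.GetNetworkCredential().Password

& $agent --startup auto --username $cred.UserName --password $pass install
if ($LASTEXITCODE -ne 0) { throw "install exited with code $LASTEXITCODE" }  # assumed failure signal

& $agent start
if ($LASTEXITCODE -ne 0) { throw "start exited with code $LASTEXITCODE" }    # assumed failure signal

Write-Host 'FortiAgent started; confirm the host on the Agent Monitor page in FortiTester.'
```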

Using attack cases

To run ATT&CK v10+ cases, you will need to click on the ATT&CK icon in the GUI upon login, then create a few test cases using the techniques required for this example, as below.

To run an ATT&CK v10+ case, go to ATT&CK v10+ Cases > ATT&CK Cases and select one of the tests. Then click Run Now.

While FortiTester is running this test, click on the top right to view the statistics metric.

Find and exfiltrate files testing

After the test is run successfully, FortiTester will retrieve various files from the user's PC.

InstallPowerShell testing

The attacker can install PowerShell on the victim's computer and run it in preparation for the next attack.

PowerShell has been installed in target hosts.

CheckSystemsEnvironment testing

This ability is used to extract information about the victim's computer.
