
How can I trigger detections for testing purposes?

When installing or demonstrating appliances it can be useful to trigger detections.  Triggering a detection in a monitored network proves that the appliances are installed correctly, that the sensor is communicating with the brain and that packet capture is set up correctly for the test workstations.

These curl commands trigger Bitcoin mining detections:

curl -A "cpuminger" http://www.google.com
curl -A "cgminer" www.google.com

The same commands as above, but using PowerShell.

powershell.exe Invoke-WebRequest "http://google.com" -UserAgent "cpuminger" -UseBasicParsing
powershell.exe Invoke-WebRequest "http://google.com" -UserAgent "cgminer" -UseBasicParsing

This 'hydra' command (part of the Kali Linux distribution) generates a Brute Force Attack detection. Ensure you are using a current version of hydra.

hydra -l vectra -P /usr/share/wordlists/rockyou_500.txt ssh://10.1.0.50 -vV