The purpose is to generate telemetry data and see detections in action.
- Kali commands for pen testing
- Generating telemetry data for detections (brute-forcing attack)
- View telemetry in Splunk
- Atomic Red Team installation and setup - run Atomic tests
- Splunk
- Kali
- Crowbar for brute-forcing attacks
- ART
Set up Kali and assign it the static IP 192.168.10.250 as per the diagram.
Check connectivity using ping commands: ping google.com and ping 192.168.10.10 (our Splunk server). If you get a reply, all good!
Update and upgrade the Kali repos using the command: sudo apt-get update && sudo apt-get upgrade -y
Create a new directory in the Desktop folder using the command: mkdir ad-project
Install the tool crowbar using the command: sudo apt-get install -y crowbar. This package contains Crowbar (formerly known as Levye). It is a brute-forcing tool that can be used during penetration tests.
Use the rockyou wordlist, located in /usr/share/wordlists
Unzip the file using the gunzip command: sudo gunzip rockyou.txt.gz
Copy the file rockyou.txt to the ~/Desktop/ad-project directory: cp rockyou.txt ~/Desktop/ad-project
Use only the first 20 lines instead of the whole file, which is huge in size: head -n 20 rockyou.txt > passwords.txt (output to a txt file)
Add one more password to the file using sudo nano passwords.txt. Save with CTRL+X, then Y, then press Enter.
Enable RDP on the Win10 target machine: search for PC, then click Properties.
Add the users jenny smith and terry smith that we created earlier. After typing the user name, click Check Names.
Use Crowbar for the brute-forcing attack.
Check in Splunk what telemetry was generated from the above brute-forcing activity. Search index=endpoint for tsmith, the user we used for the attack, then for event ID 4625 (failed attempts).
Note: the events occurring in rapid succession are a clear indication of brute-force attempts; then check event ID 4624 (successful login), which will show 1 event.
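The detection logic described in the last two steps (a rapid burst of 4625 failures for one user from one source, followed by a single 4624), written out in Python as an added example that is not part of these lab notes. It runs over constructed sample events; the field names EventCode, user and src_ip, the 192.168.10.250 attacker address from the diagram, and the threshold of 5 failures within 60 seconds are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real log data), shaped like Windows Security
# events as Splunk shows them: EventCode 4625 = failed logon, 4624 = success.
BASE = datetime(2024, 1, 10, 14, 2, 0)
SAMPLE_EVENTS = (
    # tsmith: six failures one second apart from the Kali host, then a success
    [{"_time": BASE + timedelta(seconds=i), "EventCode": 4625,
      "user": "tsmith", "src_ip": "192.168.10.250"} for i in range(6)]
    + [{"_time": BASE + timedelta(seconds=7), "EventCode": 4624,
        "user": "tsmith", "src_ip": "192.168.10.250"}]
    # jsmith: two mistyped passwords ten minutes apart, normal user behaviour
    + [{"_time": BASE + timedelta(minutes=m), "EventCode": 4625,
        "user": "jsmith", "src_ip": "192.168.10.50"} for m in (0, 10)]
)


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag (user, src_ip) pairs with at least `threshold` 4625 events inside
    any `window`, and record whether a 4624 for the same pair followed the burst.
    Returns {(user, src_ip): {"failures", "first", "last", "success_after"}}."""
    by_pair = {}
    for ev in sorted(events, key=lambda e: e["_time"]):
        by_pair.setdefault((ev["user"], ev["src_ip"]), []).append(ev)

    alerts = {}
    for pair, evs in by_pair.items():
        failures = [e["_time"] for e in evs if e["EventCode"] == 4625]
        for i in range(len(failures)):
            # Extend j while the failures still fit inside the sliding window.
            j = i
            while j + 1 < len(failures) and failures[j + 1] - failures[i] <= window:
                j += 1
            count = j - i + 1
            if count >= threshold:
                burst_end = failures[j]
                # A success after the burst means the password was found.
                success = any(e["EventCode"] == 4624 and e["_time"] > burst_end
                              for e in evs)
                alerts[pair] = {"failures": count, "first": failures[i],
                                "last": burst_end, "success_after": success}
                break  # report the first qualifying burst per pair
    return alerts


if __name__ == "__main__":
    for (user, ip), info in detect_bruteforce(SAMPLE_EVENTS).items():
        print(f"{user} from {ip}: {info['failures']} failures, "
              f"success after burst: {info['success_after']}")
```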