I’ve added three more security testing options to my free script here:
https://github.com/directorcia/Office365/blob/master/sec-test.ps1
The Word document Backdoor drop test will download and open a Word document containing a macro that will, in turn, download an EXE file to the desktop.
The PowerShell script fileless attack test, if successful, will open Notepad.exe on the device.
The Dump credentials using SQLDumper.exe test will download the SQL utility SQLDumper.exe and use it to try to dump the credentials from the system LSASS.EXE process.
All the tests are benign and designed, firstly, to test your environment against common breach techniques and, secondly, to generate alerts in your environment to ensure your protection is correctly configured.
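Since the point of the tests is to generate alerts, the following added example (not part of sec-test.ps1 or the author's repository) lists what Microsoft Defender Antivirus logged on the device in the minutes after a run. It assumes Defender is the endpoint protection in use and that attack surface reduction rules, if any, are configured; the `$MinutesBack` parameter is a name chosen for this example.

```powershell
# Added example: summarise Defender detections and ASR rule hits after a test run.
# Assumption: Microsoft Defender Antivirus is the endpoint protection on this device.
param(
    [int]$MinutesBack = 30   # window to search; set it to cover the test run
)

# Event IDs in the Defender operational log that indicate a detection or a block
$eventMeaning = @{
    1116 = 'Malware or unwanted software detected'
    1117 = 'Action taken on a detected threat'
    1121 = 'Attack surface reduction rule blocked an action'
    1122 = 'Attack surface reduction rule fired in audit mode'
}

$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = [int[]]$eventMeaning.Keys
    StartTime = (Get-Date).AddMinutes(-$MinutesBack)
}

# Get-WinEvent raises an error when nothing matches, so treat that as "no events"
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Warning "No Defender detection or ASR events in the last $MinutesBack minutes."
    return
}

$report = foreach ($e in $events) {
    # Flatten the named EventData fields so they can be read by name
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Id      = $e.Id
        Meaning = $eventMeaning[$e.Id]
        # ASR events carry the rule GUID in 'ID'; detections carry 'Threat Name'
        Detail  = if ($e.Id -in 1121, 1122) { $data['ID'] } else { $data['Threat Name'] }
        Process = $data['Process Name']
        Path    = $data['Path']
    }
}

$report | Sort-Object Time | Format-Table -AutoSize -Wrap
```

An empty result after a test completes means Defender logged neither a detection nor an ASR hit for it on this device, which is the outcome worth investigating.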
It is getting hard for me to determine all the outcomes of these tests, so I’d love to hear any feedback you have on your own results so I can improve the script. Also, if you have any suggestions for what tests you’d like to see included, please let me know.