About

Security Researcher | Malware Analyst
Very passionate about the InfoSec world and programming.

Telecommunication Engineer with a master's degree in Cybersecurity.

Blogs

malwless simulation tool

Usage:

> malwless.exe -r your_rule_set.json

Sample output:

MalwLess Simulation Tool v1.1
Author: @n0dec
Site: https://github.com/n0dec/MalwLess

[Rule test file]: rule_test.json
[Rule test name]: MalwLess default
[Rule test version]: 0.3
[Rule test author]: n0dec
[Rule test description]: MalwLess default test pack.

[>] Detected rule: rules.vssadmin_delete_shadows
... Source: Sysmon
... Category: Process Create
... Description: Deleted shadows copies via vssadmin.
[>] Detected rule: rules.certutil_network_activity
... Source: Sysmon
... Category: Network connection detected
... Description: Network activity from certutil tool.
[>] Detected rule: rules.powershell_scriptblock
... Source: PowerShell
... Category: 4104
... Description: Powershell 4104 event for Invoke-Mimikatz.
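The run above only tells you which rules MalwLess simulated; the useful next step for a blue team is to check which of those simulated events actually raised an alert in the SIEM. The script below is an added example, not code from the MalwLess project: it parses the tool's console output exactly in the format shown above (the header `[Rule test ...]` lines and the `[>] Detected rule:` / `... Source:` blocks, which is an assumption taken from the sample), counts the simulated rules per event source, and lists the rules for which no alert was observed. The sample output and the set of alert names are constructed inline so it runs offline.

```python
import re
from collections import Counter

# Constructed sample: the output MalwLess printed for its default test pack,
# reproduced from the page (header lines plus three detected rules).
SAMPLE_OUTPUT = """MalwLess Simulation Tool v1.1
Author: @n0dec
Site: https://github.com/n0dec/MalwLess

[Rule test file]: rule_test.json
[Rule test name]: MalwLess default
[Rule test version]: 0.3
[Rule test author]: n0dec
[Rule test description]: MalwLess default test pack.

[>] Detected rule: rules.vssadmin_delete_shadows
... Source: Sysmon
... Category: Process Create
... Description: Deleted shadows copies via vssadmin.
[>] Detected rule: rules.certutil_network_activity
... Source: Sysmon
... Category: Network connection detected
... Description: Network activity from certutil tool.
[>] Detected rule: rules.powershell_scriptblock
... Source: PowerShell
... Category: 4104
... Description: Powershell 4104 event for Invoke-Mimikatz.
"""

# Line formats assumed from the sample output above.
HEADER_RE = re.compile(r"^\[(?P<key>Rule test [^\]]+)\]: (?P<value>.*)$")
RULE_RE = re.compile(r"^\[>\] Detected rule: (?P<name>\S+)$")
ATTR_RE = re.compile(r"^\.\.\. (?P<key>Source|Category|Description): (?P<value>.*)$")


def parse_output(text):
    """Return (header, rules): header maps 'Rule test ...' keys to their values,
    rules is a list of dicts with name/source/category/description."""
    header = {}
    rules = []
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("value")
            continue
        m = RULE_RE.match(line)
        if m:
            current = {"name": m.group("name")}
            rules.append(current)
            continue
        m = ATTR_RE.match(line)
        if m and current is not None:
            current[m.group("key").lower()] = m.group("value")
    return header, rules


def rules_by_source(rules):
    """Count simulated rules per event source (Sysmon, PowerShell, ...)."""
    return Counter(r.get("source", "unknown") for r in rules)


def missing_detections(rules, alerted_rule_names):
    """Rules MalwLess simulated that produced no alert in the SIEM.
    alerted_rule_names is the set of rule names exported from the SIEM after
    the run; in the demo below it is a constructed value."""
    alerted = set(alerted_rule_names)
    return [r["name"] for r in rules if r["name"] not in alerted]


if __name__ == "__main__":
    header, rules = parse_output(SAMPLE_OUTPUT)
    print(f"Test pack: {header.get('Rule test name')} v{header.get('Rule test version')}")
    print("Simulated per source:", dict(rules_by_source(rules)))
    # Constructed example: the SIEM fired on only two of the three simulated rules.
    seen = {"rules.vssadmin_delete_shadows", "rules.powershell_scriptblock"}
    for name in missing_detections(rules, seen):
        print("No alert observed for simulated rule:", name)
```

Pipe the tool's output into the parser (`malwless.exe -r your_rule_set.json > run.txt`, then `parse_output(open("run.txt").read())`) and feed the rule names your SIEM actually alerted on into `missing_detections` to get the coverage gap for that rule pack.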