This August we publicly released one of our internal tools, StealthGuardian, at Black Hat USA 2024.
In this post you will find further information about our tool and how it can be used to assist in Attack Simulation exercises. Additionally, you will find references to our public GitHub repository with information about how StealthGuardian can easily be integrated with your Adversary Simulation toolkit of choice.
In our repository we feature an example integration to Fortra’s Cobalt Strike threat emulation tool and Microsoft Windows Defender.
About StealthGuardian
StealthGuardian is a middleware layer that can be combined with adversary simulation tools to verify the resistance, detection level and behaviour detection of executed actions against defined defence mechanisms. Based upon the results the tool decides if it would be safe to execute the action or let the Red Team know that the action has been detected.
The tool has been developed to assist Red Teams during adversary simulations and automatically executes actions against a sandbox, e.g. integrating the same defence mechanisms as the target, and analyse the detection level of the executed action by observing logfiles and alarm messages of defence tools.
StealthGuardian in Action
In the below video we demonstrate a common usage of StealthGuardian. We feature additional usage tutorials in our GitHub repository.
Black Hat USA 2024 Arsenal Presentation
StealthGuardian has been presented at Black Hat USA 2024 in Las Vegas – In the below video we give an introduction to its inner working and design:
Contribute
We have released StealthGuardian to our GitHub repository where you can find further instructions on how the tool can be installed, used and easily be integrated with your Adversary Simulation toolkit of choice.
We are looking forward to your contributions and discussions.
Get in Touch
We have presented StealthGuardian at Black Hat USA in Las Vegas. If you couldn’t make it we can also arrange a virtual presentation of the tool and give an introduction to our Attack Simulation and Penetration Testing services.