Flightsim – Network Flight Simulator


Network security devices may malfunction, or may not receive the traffic that allows the incident response team to detect suspicious or malicious connections. During the first phase of purchasing a network security monitoring and forensics product, it is important to test detection and see whether it alerts on suspicious activity. If you are looking to generate or simulate malicious traffic, you can check flightsim.

flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns.


The tool supports Windows, Mac and Linux systems, and by executing all modules you get the following attack simulations:

  • c2-dns: Generates a list of current C2 destinations and performs DNS requests to each
  • c2-ip: Connects to 10 random current C2 IP:port pairs to simulate egress sessions
  • dga: Simulates DGA traffic using random labels and top-level domains
  • hijack: Tests for DNS hijacking support via ns1.sandbox.alphasoc.xyz
  • scan: Performs a port scan of 10 random RFC 1918 addresses using common ports
  • sink: Connects to 10 random sinkholed destinations run by security providers
  • spambot: Resolves and connects to random Internet SMTP servers to simulate a spam bot
  • tunnel: Generates DNS tunneling requests to *.sandbox.alphasoc.xyz

After running the test, the console displays the event log with timestamps, so you can check your SIEM or network security device for the corresponding alarms.
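
One way to do that check systematically, as an added example that is not part of flightsim or the original post: match each module's run window against the alerts your SIEM raised for the test host and list the modules that produced no alert. The run times, alert export, host address and category-to-module mapping are constructed sample values, and all timestamps are assumed to fall on the same day.

```python
from datetime import datetime, timedelta

# Constructed sample data. Module names come from the list above; the times stand
# in for the timestamps flightsim prints on the console during a run.
RUNS = [  # (module, first event, last event)
    ("c2-dns", "09:30:05", "09:30:40"),
    ("dga",    "09:31:00", "09:31:20"),
    ("scan",   "09:32:00", "09:33:10"),
    ("tunnel", "09:34:00", "09:34:45"),
]
TEST_HOST = "10.0.0.5"  # assumed address of the machine that ran flightsim

# Constructed SIEM export: (alert time, source IP, rule category).
ALERTS = [
    ("09:30:12", "10.0.0.5", "dns-c2"),
    ("09:29:50", "10.0.0.5", "dga"),         # fired before the dga run: unrelated
    ("09:32:30", "10.0.0.9", "portscan"),    # raised for another host: unrelated
    ("09:36:15", "10.0.0.5", "dns-tunnel"),  # late, but inside the grace period
]
# Hypothetical mapping from this SIEM's rule categories to flightsim modules.
CATEGORY_TO_MODULE = {"dns-c2": "c2-dns", "dga": "dga",
                      "portscan": "scan", "dns-tunnel": "tunnel"}

def t(s):
    return datetime.strptime(s, "%H:%M:%S")

def coverage(runs, alerts, host, grace=timedelta(minutes=5)):
    """Return {module: seconds from first event to first matching alert, or None}."""
    result = {}
    for module, start, end in runs:
        lo, hi = t(start), t(end) + grace
        hits = sorted(
            t(when) for when, src, cat in alerts
            if src == host and CATEGORY_TO_MODULE.get(cat) == module
            and lo <= t(when) <= hi
        )
        result[module] = int((hits[0] - lo).total_seconds()) if hits else None
    return result

def gaps(cov):
    """Modules that ran but produced no alert attributable to the test host."""
    return sorted(m for m, latency in cov.items() if latency is None)

if __name__ == "__main__":
    cov = coverage(RUNS, ALERTS, TEST_HOST)
    for module, latency in cov.items():
        status = "MISSED" if latency is None else f"alert after {latency}s"
        print(f"{module:8} {status}")
    print("no alert for:", ", ".join(gaps(cov)))
```

Filtering on the test host and on the run window keeps unrelated alerts from hiding a detection gap.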

You can read more and download the tool here: https://github.com/alphasoc/
