Stackhackr: Build Your Own Mock Malware, Then Test Your Own Security

August 15, 2017 | Jack Danahy

Over the past 25 years or so, while developing a variety of security products, I’ve been asked the same question repeatedly: “Who are your competitors?” While this is a typical question that every new company is asked, it always forces me to re-examine the basic tenets of the competitive landscape with an open mind. From my experience at three different companies, there are obviously direct competitors, but there are also many things our prospective customers can choose to do in place of buying our product, which sometimes includes doing nothing at all. A successful strategy will identify and address all of these challenges.

In the same way, security leaders can benefit every time they ask themselves this same question: “Who are my competitors?” In this case, they’re competing for things like budget, urgency, priority, and, always, resources. What they’re competing against are other projects, business needs, shiny new features, and most often, inertia – the tendency to just keep doing nothing. In security, it’s a challenge to gather champions, support, funding, and headcount to do anything more or anything different than what you are doing today.

At Barkly, we’re always looking for creative ways to help IT and security pros get past the reflexive resistance that exists in their organizations. We’re new, and we want to help them protect their endpoints more effectively, so why not? This desire to help them identify a need, and justify a new approach, led us to create stackhackr, a new way to surface possible vulnerabilities and gaps in their current security stacks and present leadership with data points that support the need to do more.

Since security and IT teams are amongst the most cynical evaluators, and since they typically like to do things themselves, we figured that they’d be most interested in a tool that allows them to assemble some mock malware to test the resilience of their systems. This gives them additional confidence in the test and it doesn't hurt that they are trying it out for themselves in a hands-on manner.


What is stackhackr, and how does it work?
Stackhackr lets you create and customize your own mock malware. It simulates real malicious behavior on your machine without actually doing any harm. There are currently two mock attack payloads to choose from, and three ways to see them delivered:

  • A fileless ransomware attack: This scenario simulates deleting shadow volume copies, a common ransomware behavior designed to prevent victims from recovering encrypted files.
  • A fileless credential theft attack: This scenario simulates exfiltrating passwords stored on Windows machines in Local Security Authority Subsystem Service (LSASS.exe) memory.

In addition to picking your payload, you can also choose how you’d like to simulate it being delivered (via phishing, malvertising, or drive-by download), and customize elements such as what the ransom screen looks like.

Why did we create stackhackr?
There aren't many good tests out there for behavioral protection. It's easy to check whether your antivirus is up-to-date or to run some file scans, but few tests allow you to see how your security will actually respond to malicious behavior.

This is an important capability because we know that the majority of today’s malware is, or can be, modified to evade traditional antivirus file-scanning tools. Many attacks go "fileless" by using exploits, abusing legitimate scripting tools like PowerShell, or streaming malicious code directly into other processes or memory. Blocking these malicious behaviors is the only way to stop these attacks before they result in damage.
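
A behavior-based check of the kind this paragraph contrasts with file scanning, as an added example that is not part of the original post and is not stackhackr's code: it flags the two behaviors the scenarios above simulate in constructed, Sysmon-style events. The event values, the command-line patterns, and the System32 allow-list are assumptions chosen for illustration.

```python
import re

# Constructed sample events shaped like Sysmon process-creation (ID 1) and
# process-access (ID 10) records. All values are made up for illustration.
SAMPLE_EVENTS = [
    {"event_id": 1, "command_line": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"event_id": 1, "command_line": "vssadmin list shadows"},
    {"event_id": 10, "source_image": r"C:\Users\test\AppData\Local\Temp\sim.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1410"},
    {"event_id": 10, "source_image": r"C:\Windows\System32\svchost.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1000"},
    {"event_id": 1, "command_line": "wmic shadowcopy delete"},
]

# Common command-line forms for deleting shadow copies (assumed patterns,
# not an exhaustive list).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE,
)
PROCESS_VM_READ = 0x0010  # Windows access right needed to read process memory
# Simplification: treat callers under System32 as expected LSASS clients.
TRUSTED_PREFIX = "c:\\windows\\system32\\"


def classify(event):
    """Return a behavior label for one event, or None if it looks benign."""
    if event["event_id"] == 1:
        if SHADOW_DELETE.search(event.get("command_line", "")):
            return "shadow_copy_deletion"
    elif event["event_id"] == 10:
        target = event.get("target_image", "").lower()
        source = event.get("source_image", "").lower()
        access = int(event.get("granted_access", "0x0"), 16)
        reads_memory = bool(access & PROCESS_VM_READ)
        if (target.endswith("\\lsass.exe") and reads_memory
                and not source.startswith(TRUSTED_PREFIX)):
            return "lsass_memory_read"
    return None


def detect(events):
    """Return (index, label) for every event that matches a behavior rule."""
    labelled = ((i, classify(e)) for i, e in enumerate(events))
    return [(i, label) for i, label in labelled if label]


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Neither rule looks at a file on disk: the first keys on what a process was asked to do, the second on which access rights it requested against LSASS.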

By giving IT pros the ability to simulate some of these behaviors safely, without actually putting their systems at risk, our hope is that it will help them identify which areas are weak and use the results to show company leadership that they need stronger defenses.

What better test is there than to run something yourself, and what better justification for increasing your protection than using a harmless tool to find out that you are vulnerable to serious, harmful attacks? We built stackhackr to be a fun and interesting way to check out the security of your systems yourself. You’ll see how easy it is to create a new attack, and you’ll know for sure whether your protections would have stopped it.

Try stackhackr out for yourself. 


About the Author: Jack Danahy, Barkly
Jack Danahy is the co-founder and CTO of Barkly, the company advancing endpoint security by combining the strongest, smartest protection with the simplest management. A 25-year innovator in computer, network and data security, Jack was previously the founder and CEO of two successful security companies: Qiave Technologies (acquired by Watchguard Technologies in 2000) and Ounce Labs (acquired by IBM in 2009). Jack is a frequent writer and speaker on security and security issues, and has received multiple patents in a variety of security technologies. Prior to founding Barkly, he was the Director of Advanced Security for IBM, and led the delivery of security services for IBM in North America.