Audit wanted me to simulate a High severity event, of which we have only a few, such as
successful Brute Force, true DDoS (not sure what's the bandwidth) & compromised
network/firewall devices that lead to operations outage.
This is to see if the SoC responds within SLA (from Splunk alert which currently
covers Prod servers/devices) & how fast we mitigate it.
I think the easiest is to
a) install a brute force password cracker
b) create a local account not subject to GPO (e.g. password doesn't get locked
despite number of failed attempts with a simple password) on a non-critical
Prod server
Any freeware tool on Windows that does brute force for Windows that anyone
can recommend? SIP Vicious or is there a free l0phtcrack?
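
Added example, not part of the original post: a sketch of the detection side of such a drill. It correlates Windows failed logons (Event ID 4625) followed by a success (4624) for the same account, and checks the SoC acknowledgement time against the SLA. The sample events, account and host names, the thresholds and the 15-minute SLA are all constructed assumptions, not values from the post.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the post): (time, EventID, account, source, host).
# Windows Security log: 4625 = failed logon, 4624 = successful logon.
EVENTS = [
    *[(f"2024-01-10 09:00:0{i}", 4625, "svc_test", "10.0.0.50", "PRODSRV01") for i in range(1, 7)],
    ("2024-01-10 09:00:07", 4624, "svc_test", "10.0.0.50", "PRODSRV01"),
    # Benign pattern: a user mistypes twice, then logs on.
    ("2024-01-10 09:01:00", 4625, "alice", "10.0.0.77", "PRODSRV01"),
    ("2024-01-10 09:01:05", 4625, "alice", "10.0.0.77", "PRODSRV01"),
    ("2024-01-10 09:01:09", 4624, "alice", "10.0.0.77", "PRODSRV01"),
]

FAIL_THRESHOLD = 5             # assumed: failures required before a success is suspicious
WINDOW = timedelta(minutes=5)  # assumed correlation window
SLA = timedelta(minutes=15)    # assumed SoC response SLA for a High severity alert


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def detect_successful_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Alert when >= threshold 4625s precede a 4624 for the same account/source/host."""
    failures, alerts = {}, []
    for ts, event_id, account, src, host in sorted(events):
        t, key = parse(ts), (account, src, host)
        if event_id == 4625:
            failures.setdefault(key, []).append(t)
        elif event_id == 4624:
            recent = [f for f in failures.get(key, []) if t - f <= window]
            if len(recent) >= threshold:
                alerts.append({"time": t, "account": account, "source": src,
                               "host": host, "failures": len(recent)})
            failures.pop(key, None)  # a successful logon resets the failure count
    return alerts


def sla_met(alert_time, ack_time, sla=SLA):
    """True if the SoC acknowledged the alert within the SLA."""
    return ack_time - alert_time <= sla


if __name__ == "__main__":
    for a in detect_successful_bruteforce(EVENTS):
        print(a, "SLA met:", sla_met(a["time"], parse("2024-01-10 09:10:00")))
```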