cyb3rfox/ghost: EDR/Analyst validation tool

Source: GitHub

Author: unknown

URL: https://github.com/cyb3rfox/ghost


ONE SENTENCE SUMMARY:

GHOST Framework 2.0 tests EDR detection coverage by running test patterns over the remote-management channels Windows already exposes (WMI, PowerShell Remoting, WinRS) without dropping an agent on the target, and adds multi-target orchestration with pivoting support.

MAIN POINTS:

  1. GHOST offers a controlled, repeatable method for EDR testing using multiple remote execution methods.
  2. Version 2.0 adds orchestration for multi-target testing and features such as pivoting support.
  3. Supported execution methods: WMI, PowerShell Remoting (PSRemoting), and WinRS.
  4. Auto mode selects the execution method per target and discovers lateral-movement targets automatically.
  5. Provides HTML reporting with visual dashboards for analysis.
  6. Multi-target orchestration organizes targets into groups and discovers pivot hosts automatically.
  7. Interactive setup is available through the Start-GHOST.ps1 script.
  8. The README compares WMI, PSRemoting, WinRS, and Auto and lists the best use case for each.
  9. Targets and credentials are managed through JSON configuration files.
  10. Standard, advanced, and minimal test suites are included for EDR validation.
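The following is an added illustration of how points 3, 4, and 9 fit together: an "Auto" selector that probes which remote-management channel a target exposes, dispatches a test command through PSRemoting, WinRS, or WMI accordingly, and iterates over a target group read from a JSON config. It is not GHOST's own code; the config schema, function names, and the constructed hostnames and account are this example's assumptions, and GHOST's real layout may differ.

```powershell
# Added illustration, not code from the cyb3rfox/ghost repository.
# Assumed JSON shape (groups of hostnames plus a credential user) is this
# example's, not necessarily the framework's. Hostnames are constructed.
$configJson = @'
{
  "credential": { "user": "LAB\\svc-edrtest" },
  "groups": {
    "workstations": ["WS01.lab.local", "WS02.lab.local"],
    "servers":      ["SRV01.lab.local"]
  }
}
'@
$config = $configJson | ConvertFrom-Json

# Probe the transports a target exposes. Test-WSMan checks WinRM, which both
# PSRemoting and WinRS ride on; TCP/135 is the DCOM endpoint mapper WMI needs.
function Get-BestMethod {
    param([Parameter(Mandatory)][string]$Target)
    $winrm = $false
    try { $null = Test-WSMan -ComputerName $Target -ErrorAction Stop; $winrm = $true } catch {}
    if ($winrm) { return 'PSRemoting' }
    $dcom = Test-NetConnection -ComputerName $Target -Port 135 -InformationLevel Quiet -WarningAction SilentlyContinue
    if ($dcom) { return 'WMI' }
    return 'None'
}

# Run one command through the selected channel. Each branch lights up a
# different telemetry surface: PSRemoting/WinRS produce WinRM operational
# events and wsmprovhost.exe children, WMI produces WMI-Activity events and
# a WmiPrvSE.exe child. Win32_Process.Create returns a PID, not output.
function Invoke-TestCommand {
    param(
        [Parameter(Mandatory)][string]$Target,
        [Parameter(Mandatory)][string]$Command,
        [ValidateSet('Auto','PSRemoting','WinRS','WMI')][string]$Method = 'Auto',
        [pscredential]$Credential
    )
    if ($Method -eq 'Auto') { $Method = Get-BestMethod -Target $Target }
    switch ($Method) {
        'PSRemoting' {
            $params = @{ ComputerName = $Target; ScriptBlock = [scriptblock]::Create($Command) }
            if ($Credential) { $params.Credential = $Credential }
            return Invoke-Command @params
        }
        'WinRS' {
            # winrs.exe takes the remote command as a string; creds via -u/-p.
            $winrsArgs = @("-r:$Target")
            if ($Credential) {
                $winrsArgs += "-u:$($Credential.UserName)"
                $winrsArgs += "-p:$($Credential.GetNetworkCredential().Password)"
            }
            return & winrs.exe @winrsArgs $Command
        }
        'WMI' {
            $opt = New-CimSessionOption -Protocol Dcom
            $session = if ($Credential) {
                New-CimSession -ComputerName $Target -Credential $Credential -SessionOption $opt
            } else {
                New-CimSession -ComputerName $Target -SessionOption $opt
            }
            try {
                return Invoke-CimMethod -CimSession $session -ClassName Win32_Process -MethodName Create `
                    -Arguments @{ CommandLine = "cmd.exe /c $Command" }
            } finally { Remove-CimSession $session }
        }
        default { throw "No usable execution method for $Target" }
    }
}

# Orchestrate across one group: pick a method per host, run, keep a result row.
function Invoke-GroupTest {
    param([string]$Group, [string]$Command, [pscredential]$Credential)
    foreach ($t in $config.groups.$Group) {
        $m = Get-BestMethod -Target $t
        $out = try { Invoke-TestCommand -Target $t -Command $Command -Method $m -Credential $Credential }
               catch { $_.Exception.Message }
        [pscustomobject]@{ Target = $t; Method = $m; Result = ($out | Out-String).Trim() }
    }
}

# A benign discovery command that most EDRs flag when it arrives over a remote session.
$cred = Get-Credential -UserName $config.credential.user -Message 'Test account password'
Invoke-GroupTest -Group 'workstations' -Command 'whoami /all' -Credential $cred | Format-Table -AutoSize
```

The method column in the output is what to compare against the EDR console afterwards: the same command arriving over WinRM and over DCOM/WMI is two distinct detection opportunities, which is why a framework that can switch channels per target is useful for coverage testing.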

TAKEAWAYS:

  1. GHOST leaves no footprint on targets in the sense that it deploys no agent or binary; the remote logons and WinRM/WMI activity it generates are still recorded by Windows and visible to the EDR, which is the point of the test.
  2. The multi-method execution engine lets tests run in environments where only one remote-management channel is enabled.
  3. Configuration is managed through JSON files, so targets, groups, and credentials can be adapted to each environment.
  4. The documentation covers error troubleshooting and how to add test patterns.
  5. Logging and automatic path conversion support traceability and ease of use.