Stackhackr: Build Your Own Mock Malware, Then Test Your Own Security

Over the past 25 years or so, while developing a variety of security products, I’ve been asked the same question repeatedly: “Who are your competitors?” While this is a typical question that every new company is asked, it always forces me to re-examine the basic tenets of the competitive landscape with an open mind. From my experience at three different companies, there are obviously direct competitors, but there are also many things our prospective customers can choose to do in place of buying our product, which sometimes includes doing nothing at all. A successful strategy will identify and address all of these challenges.

In the same way, security leaders can benefit every time they ask themselves this same question: “Who are my competitors?” In this case, they’re competing for things like budget, urgency, priority, and always - resources. What they’re competing against are other projects, business needs, shiny new features, and most often, inertia – the tendency to just keep doing nothing. In security, it’s a challenge to gather champions, support, funding, and headcount to do anything more or anything different than what you are doing today.

At Barkly, we’re always looking for creative ways to help IT and security pros get past the reflexive resistance that exists in their organizations. We’re new, and we want to help them protect their endpoints more effectively, so why not? This desire to help them identify a need, and justify a new approach, led us to create stackhackr, a new way to surface possible vulnerabilities and gaps in their current security stacks and present leadership with data points that support the need to do more.

Since security and IT teams are amongst the most cynical evaluators, and since they typically like to do things themselves, we figured that they’d be most interested in a tool that allows them to assemble some mock malware to test the resilience of their systems. This gives them additional confidence in the test and it doesn't hurt that they are trying it out for themselves in a hands-on manner.

What is stackhackr, and how does it work?
Stackhackr lets you create and customize your own mock malware. It simulates real malicious behavior on your machine without actually doing any harm. There are currently two mock attack payloads to choose from, and three ways to see them delivered:

  • A fileless ransomware attack: This scenario simulates deleting shadow volume copies, a common ransomware behavior designed to prevent victims from recovering encrypted files.
  • A fileless credential theft attack: This scenario simulates exfiltrating passwords stored on Windows machines in Local Security Authority Subsystem Service (LSASS.exe) memory.

In addition to picking your payload, you can also choose how you’d like to simulate it being delivered (via phishing, malvertising, or drive-by download), and customize elements such as what the ransom screen looks like.

Why did we create stackhackr?
There aren't many good tests out there for behavioral protection. It's easy to check whether your antivirus is up-to-date or to run some file scans, but few tests allow you to see how your security will actually respond to malicious behavior.

This is an important capability because we know that the majority of today’s malware is, or can be, modified to evade traditional antivirus file-scanning tools. Many attacks go "fileless" by using exploits, abusing legitimate scripting tools like PowerShell, or streaming malicious code directly into other processes or memory. Blocking these malicious behaviors is the only way to stop these attacks before they result in damage.
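To make the contrast between file scanning and behavioral checks concrete for the two scenarios listed above, here is an added example (not stackhackr's or Barkly's code). The event layout loosely follows Sysmon process-creation and process-access records, and the events, hashes and rule names are constructed for illustration; the command-line patterns are the commonly documented ways shadow copies get deleted, an assumption the page itself does not spell out.

```python
import re

# Constructed sample events, shaped loosely like Sysmon process-creation (id 1)
# and process-access (id 10) records. Hashes are placeholders, not real values.
EVENTS = [
    {"id": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet", "sha256": "PLACEHOLDER-A"},
    {"id": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin list shadows", "sha256": "PLACEHOLDER-A"},
    {"id": 10, "SourceImage": r"C:\Users\test\AppData\Local\Temp\sim.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010",
     "sha256": "PLACEHOLDER-B"},
    {"id": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000",
     "sha256": "PLACEHOLDER-C"},
]

KNOWN_BAD_HASHES = {"PLACEHOLDER-KNOWN-BAD"}  # stand-in for a signature database
SHADOW_DELETE = re.compile(
    r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
    r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    re.IGNORECASE)
PROCESS_VM_READ = 0x0010  # access right needed to read another process's memory

def file_scan_hit(event):
    """Signature-style check: only the file hash is considered."""
    return event["sha256"] in KNOWN_BAD_HASHES

def behavior_hit(event):
    """Return a rule name when the event's behaviour matches, else None."""
    if event["id"] == 1 and SHADOW_DELETE.search(event["CommandLine"]):
        return "shadow_copy_deletion"
    if event["id"] == 10 and event["TargetImage"].lower().endswith(r"\lsass.exe"):
        if int(event["GrantedAccess"], 16) & PROCESS_VM_READ:
            return "lsass_memory_read"
    return None

def triage(events):
    """Pair the signature verdict with the behavioural verdict per event."""
    return [(file_scan_hit(e), behavior_hit(e)) for e in events]

if __name__ == "__main__":
    for event, (sig, beh) in zip(EVENTS, triage(EVENTS)):
        name = event.get("Image") or event["SourceImage"]
        print(name, "| signature hit:", sig, "| behaviour:", beh)
```

The hash check misses every event because the shadow copy deletion runs through a legitimate Windows binary and the other executable's hash is unknown. A production rule for LSASS access would also need an allowlist, since some legitimate security and system software reads that process's memory.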

By giving IT pros the ability to simulate some of these behaviors safely, without actually putting their systems at risk, our hope is that it will help them identify which areas are weak, so that they can use the results to show company leadership that they need stronger defenses.

What better test is there than to run something yourself, and what better justification for increasing your protection than using a harmless tool to find out that you are vulnerable to serious, harmful attacks? We built stackhackr to be a fun and interesting way to check out the security of your systems yourself. You’ll see how easy it is to create a new attack, and you’ll know for sure whether your protections would have stopped it.

Try stackhackr out for yourself. 
