This is for testing purposes:

Currently trying to better secure my network environment with ASR rules. Had them in audit mode and have now moved them to block mode. I am documenting potential attack vectors so that I can understand how the rules are triggered. Was wondering if anyone would know any test cases to trigger a child process via Adobe Reader (ASR rule) **without the use of a Metasploit payload**. Any help greatly appreciated.

Background info: There is no documentation available to the cybersecurity community on how to test ASR rules by triggering them. I hope to be able to publish documentation so that other professionals can test on their own and understand the rules they are implementing on a closer level.
