Triggering detections for testing purposes

This article shows some ways to trigger a Cryptocurrency Mining detection (Bitcoin mining, for example) or a Brute-Force detection to quickly check that your system is working properly.

When installing or demonstrating appliances it can be useful to trigger detections. Triggering a detection in a monitored network proves that the appliances are installed correctly, that the sensor is communicating with the brain and that packet capture is set up correctly for the test workstations.

Cryptocurrency Mining Detection

These curl commands trigger the Bitcoin mining detection:

curl -A "cpuminger" http://www.google.com
curl -A "cgminer" http://www.google.com
  • Please note: For this to work properly, HTTP traffic must be visible to the Vectra Sensor. If you are using a web proxy client, such as Zscaler, this test may not function properly.

The same commands as above, but using PowerShell:

powershell.exe Invoke-WebRequest "http://google.com" -UserAgent "cpuminger" -UseBasicParsing
powershell.exe Invoke-WebRequest "http://google.com" -UserAgent "cgminer" -UseBasicParsing

Another option for PowerShell, using the curl alias for Invoke-WebRequest (available in Windows PowerShell):

curl -UserAgent "cpuminger" http://www.google.com
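
The mining test commands above only produce a detection if the sensor can read the User-Agent header in cleartext HTTP. The following is an added example, not Vectra's detection logic or code from this article: it classifies constructed client payloads by whether one of the test User-Agent values is readable on the wire. The function names and sample payloads are assumptions made for illustration.

```python
# Added illustration (not Vectra's detection logic): what a passive observer
# can read from the first client-to-server bytes of a connection.
import re

# User-Agent values used by the test commands on this page.
TEST_AGENTS = ("cpuminger", "cgminer")
REQUEST_LINE = re.compile(rb"[A-Z]+ \S+ HTTP/1\.[01]")


def visible_user_agent(payload: bytes):
    """Return the readable User-Agent, "" if absent, None if not cleartext HTTP."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.fullmatch(lines[0]):
        return None  # e.g. a TLS record: headers are not readable
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        # Header names are case-insensitive.
        if sep and name.strip().lower() == b"user-agent":
            return value.strip().decode("latin-1")
    return ""


def classify(payload: bytes) -> str:
    ua = visible_user_agent(payload)
    if ua is None:
        return "no-cleartext-http"
    if any(agent in ua.lower() for agent in TEST_AGENTS):
        return "test-agent-visible"
    return "other-agent"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "curl -A cpuminger over HTTP":
        b"GET / HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: cpuminger\r\nAccept: */*\r\n\r\n",
    "lower-case header name":
        b"GET / HTTP/1.1\r\nhost: www.google.com\r\nuser-agent: cgminer\r\n\r\n",
    "default curl agent":
        b"GET / HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: curl/8.5.0\r\n\r\n",
    "TLS record (HTTPS or encrypted tunnel)":
        bytes.fromhex("1603010200010001fc0303") + bytes(32),
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label:40s} -> {classify(payload)}")
```

If a test request falls into the last category on the path the sensor monitors, the User-Agent never appears in cleartext at the capture point.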

Brute-Force Detection

This 'hydra' command (part of the Kali Linux distribution) generates a Brute-Force detection. Ensure you are using a current version of hydra.

First, you should uncompress the rockyou wordlist.

sudo gunzip /usr/share/wordlists/rockyou.txt.gz

Then, you can launch hydra using the rockyou wordlist.

hydra -l vectra -P /usr/share/wordlists/rockyou.txt ssh://10.1.0.50 -v
