Windows Host
ExtensionWindows Host
A Steadybit extension to discover Windows hosts and attack them.ExtensionWindows Host
ExtensionWindows Host
A Steadybit extension to discover Windows hosts and attack them.Extension
Go back to listYouTube content is not loaded by default for privacy reasons.
Introduction
With this extension you are able to discover and attack your Windows hosts in different ways, like modifying network traffic or shutting down processes.
The extension's networking attacks are based on the network driver provided alongside the extension. The driver is not persistent and is only active during the duration of the attack. The driver passed all of the HLK tests, assuring safety.
Beta Release
Microsoft is in the process of signing the driver; until then, test signing must be enabled on the machine. Check the installation guide for more information.
In case you're looking for support of Linux hosts, check out our Linux Host extension.
Windows host losing network connection is detected by Datadog
When a host suddenly loses connection to the network and your system, Datadog should alert about this. Eventually, everything should recover once the network is back again.
Motivation
When you're working in a less volatile system environment, a loss of network can be crucial as there is likely no backup host that will enable faster recovery. Thus, you should check your observability tools to catch this.
Structure
Before blocking a host from the network, we verify that the Datadog monitor is in an ok state Afterward, we block all traffic to and from a host and expect Datadog to alert about the isolated host. Eventually, when the host is online again, we expect Datadog to turn into an OK state again. While experimenting, we create a downtime for the Monitor so that it will not escalate due to the ongoing alert.
Windows host reboot is alerted by Datadog
When a windows host is suddenly missing from your system, Datadog should alert you to this. Eventually, everything should recover when only rebooting the host.
Motivation
When you're working in a less volatile system environment, where you expect hosts always to run, you should validate whether you notice whenever a host is rebooting.
Structure
Before restarting a host, we verify that the Datadog monitor is in an ok state Afterward, we trigger the shutdown of a host and expect Datadog to alert about the missing host. Eventually, the host should come back and Datadog turn into an OK state again. While experimenting, we create a downtime for the Monitor so that it will not escalate due to the ongoing alert.
Latency progressively increases for a Windows Host
Latency of a Host progressively increases to analyse at which point the communication breaks. Additionally, you may want to add one of our observability checks.
Structure
We start by adding a 250ms latency on the host's outgoing traffic for 30 seconds. Next, we stepwise increase the latency to 500ms, 750ms, and 1s - each for 30 seconds. In between, we have small wait steps to ease analysis in external observability tools for each phase.
