Lab 4a: Verify anti-malware real-time engine

Links have been removed and you need to manually fix spacing for malware downloads.

Step 1 Back on your jumpbox or VM system, browse to the site

https://secure.eicar. org/eicar.com

this is a good test to prove that your Threat Protection solution has the ability to prevent 'drive-by Malware downloads'.

When browsing to the site an attempt will be made to download a test file, this test file has been provided by EICAR for distribution as the „EICAR Standard Anti-Virus Test File", and it satisfies the criteria for a virus. It is safe because it is not a virus, and does not include any fragments of viral code. The Threat Protection platform reacts to it as if it were a virus.

Step 2 Click Stop.

Step 3 Now attempt to download the following mimikatz file

https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20220919/mimikatz_trunk.zip

Mimikatz is a well-known utility for pass-the-hash, pass-the-ticket, and golden ticket in Windows. It doesn't do anything harmful automatically and on its own. However, in a production environment, even though it is available in Github, you don't really want an insider or a compromised asset to able to weaponize himself so easily

Step 4 Click Stop.

WARNING, below is real malware: Double check you are in your jumpbox environment.

Step 5 Now attempt to download Ardamax.Keylogger.zip

https:// app. box. com/s/jpvnd61i9piluld0chh4v6wu00685nz1

Step 6 Click Stop.

Viewing the Alert on the Netskope Tenant

Step 7 Returning to the Home Screen, navigate to SkopeIT > Alerts.

Step 8 On the Alerts page, add the following filter:

And then select or filter your user entry:

Step 9 Expand the event with Malware from the page and view the details as you did before.

A screenshot of a cell phone Description automatically generated œ

Step 10 Returning to the Home Screen, navigate to Incidents > Malware

Please let your instructor know that you have completed this lab.