Adversary Emulation: Nefilim Ransomware vs. Security Onion

Adversary Emulation: Nefilim Ransomware vs. Security Onion (PDF, 1.89MB)
Published: 16 Mar, 2022
Created by: Buddy Tancio

Any self-respecting modern organization seeks cost-effective technology or tools that provide direct visibility into, and swift response to, events in its network. Reliable and stable proprietary software can come with an exorbitant price tag; therefore, the need arises to pursue alternative, more economical solutions. As attackers evolve rapidly and become more sophisticated, robust detection and response capabilities to counter the threats are no longer a luxury for an organization but an absolute prerequisite. This study enumerates various open-source SOC tools that a firm can implement to identify, evaluate, and respond to cybersecurity issues in an enterprise network. An adversary emulation that mimics the behavior of Nefilim ransomware was conducted in a test environment where the sensors are deployed, and the effectiveness of each tool at every stage of the attack is meticulously documented.