SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Add delay between test case and cleanup #234

Open zaicurity opened 1 year ago

zaicurity commented 1 year ago

Hello, as mentioned in https://github.com/SecurityRiskAdvisors/VECTR/issues/227, I would like to suggest adding a short delay between test case execution and cleanup execution within the runtime. The purpose would be to prevent issues with cleanup that may arise when cleanup is executed immediately after the test case. Examples of cleanups that can currently suffer from this are cleanups that terminate processes which were launched by the test case or remove files that were created.

This could either be a configurable delay, similar to how the delay between test cases is implemented, or a hard-coded delay of a few seconds. In our testing, a two-second delay seemed sufficient.

dsolstad commented 2 months ago

Agree. I run the cleanup commands manually to get the time to view the evidence of a successful test, such as verifying created files, registry changes, etc.