Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

What’s new

FortiTester 7.2.0 offers the following new features and enhancements: 

Support ATT&CK V10 Breach Simulation

FortiTester v7.2 comes with a new MITRE ATT&CK framework supporting MITRE matrix v10 and sub-techniques, released as beta and running concurrently with the previous v6 matrix. Users are encouraged to try and migrate to this version. Note: The two versions (v6 and v10) are not compatible. Here’s an overview of differences between different versions:

 

FortiTester v3.9/4.x/7.0/7.1

FortiTester v7.2

Comments

MITRE ATT&CK matrix version

V6

V10

 

Sub-techniques support

No

Yes

 

End point agents support

Windows only

Windows / MAC / Linux

 

Number of techniques (Abilities)

26 default

300+ total

95 default

200+ total

More updates will be made available for v10 via FortiGuard

Default Campaigns (Adversaries)

4

(Credential Dumping, Execution_Through_API, PowerShell, Scheduled_Task)

8

(Check Systems Environment, Create Exfiltrate Directory, User and Domain information Extraction, Process Enumeration, Signed Binary Proxy Execution, Find and Exfiltrate files, Install Powershell, Bypass UAC User Access control on Windows)

 

Exfiltrate files

Separate server on network

FortiTester

 

 

New ATT&CK v10 menu

MITRE v10 with sub-techniques support:

Separation of Test Case ports and physical ports

This new feature allows configuration export/import between different models.

Previous v7.2 Fortitester configuration could only be exported/imported between the same model. In v7.2 this limitation is removed, made possible with the use of Test Case ports mapping to physical ports in tests. With this change, FortiTester introduces new objects, such as port mapping and port settings.

Allocation of extra vCPUs for VMs

FortiTester v7.2 allows for the allocation of two extra vCPUs more than total licensed vCPU for system management. For example, a VM04 can use 4 vCPU for traffic generation and an extra 2 vCPU's for system management.

Support of Virtual Router in SSLVPN testing

SSLVPN case include CPS, RPS, CC and Throughput now supports Virtual Router. VR is useful in public cloud testing where IP assignment is limited (e.g. AWS public cloud). Now, many SSLVPN client IP's can be simulated using VR.

Improved Report generation time

Report generation for longer tests cases (e.g. couple of hours up to days) received improvements in report generation time.

New DNS Zone Transfer support

Added DNS-AXFR case. This simulates attacker use of AXFR zone transfer as an attack vector for DDoS attacks. This new feature establishes a TCP connection (three-way handshake), simulates a DNS zone transfer (AXFR), and closes the TCP connection.

Single Packet control for DDoS testing

In previous version DDoS tests uses system default ‘mix’ of attacks (such as SYN_flood, FIN_Flood etc). Some parameters were set and not configurable by the user. In v7.2 a new single packet case option allows an advanced configuration item to refer Single Packet Group object. This feature is used to simulate a DDoS attack, specially related to the MIRAI attacks simulation.

Supports IBM Public cloud platform

New platform IBM released for FortiTester.

New ICMP test

Added ICMP Case. This allows FortiTester to generate ICMP traffic with different settings such as packet size etc, to test DUT’s capability to parse/route ICMP traffic, offering a ‘flood’ option to send simultaneous pings within configured time interval (up to 600ms).

What’s new

FortiTester 7.2.0 offers the following new features and enhancements: 

Support ATT&CK V10 Breach Simulation

FortiTester v7.2 comes with a new MITRE ATT&CK framework supporting MITRE matrix v10 and sub-techniques, released as beta and running concurrently with the previous v6 matrix. Users are encouraged to try and migrate to this version. Note: The two versions (v6 and v10) are not compatible. Here’s an overview of differences between different versions:

 

FortiTester v3.9/4.x/7.0/7.1

FortiTester v7.2

Comments

MITRE ATT&CK matrix version

V6

V10

 

Sub-techniques support

No

Yes

 

End point agents support

Windows only

Windows / MAC / Linux

 

Number of techniques (Abilities)

26 default

300+ total

95 default

200+ total

More updates will be made available for v10 via FortiGuard

Default Campaigns (Adversaries)

4

(Credential Dumping, Execution_Through_API, PowerShell, Scheduled_Task)

8

(Check Systems Environment, Create Exfiltrate Directory, User and Domain information Extraction, Process Enumeration, Signed Binary Proxy Execution, Find and Exfiltrate files, Install Powershell, Bypass UAC User Access control on Windows)

 

Exfiltrate files

Separate server on network

FortiTester

 

 

New ATT&CK v10 menu

MITRE v10 with sub-techniques support:

Separation of Test Case ports and physical ports

This new feature allows configuration export/import between different models.

Previous v7.2 Fortitester configuration could only be exported/imported between the same model. In v7.2 this limitation is removed, made possible with the use of Test Case ports mapping to physical ports in tests. With this change, FortiTester introduces new objects, such as port mapping and port settings.

Allocation of extra vCPUs for VMs

FortiTester v7.2 allows for the allocation of two extra vCPUs more than total licensed vCPU for system management. For example, a VM04 can use 4 vCPU for traffic generation and an extra 2 vCPU's for system management.

Support of Virtual Router in SSLVPN testing

SSLVPN case include CPS, RPS, CC and Throughput now supports Virtual Router. VR is useful in public cloud testing where IP assignment is limited (e.g. AWS public cloud). Now, many SSLVPN client IP's can be simulated using VR.

Improved Report generation time

Report generation for longer tests cases (e.g. couple of hours up to days) received improvements in report generation time.

New DNS Zone Transfer support

Added DNS-AXFR case. This simulates attacker use of AXFR zone transfer as an attack vector for DDoS attacks. This new feature establishes a TCP connection (three-way handshake), simulates a DNS zone transfer (AXFR), and closes the TCP connection.

Single Packet control for DDoS testing

In previous version DDoS tests uses system default ‘mix’ of attacks (such as SYN_flood, FIN_Flood etc). Some parameters were set and not configurable by the user. In v7.2 a new single packet case option allows an advanced configuration item to refer Single Packet Group object. This feature is used to simulate a DDoS attack, specially related to the MIRAI attacks simulation.

Supports IBM Public cloud platform

New platform IBM released for FortiTester.

New ICMP test

Added ICMP Case. This allows FortiTester to generate ICMP traffic with different settings such as packet size etc, to test DUT’s capability to parse/route ICMP traffic, offering a ‘flood’ option to send simultaneous pings within configured time interval (up to 600ms).