⚠️ FOR SECURITY TESTING PURPOSES ONLY
This project provides a test executable crafted to trigger incidents in Microsoft Defender for Endpoint (MDE).
Created during my personal time, it serves as a practical tool for workshops, demonstrations, and hands-on labs focused on incident response and investigation techniques.
The executable simulates suspicious behavior that generates alerts within Microsoft Defender for Endpoint.
Ideal for controlled environments, it helps security teams practice detection, analysis, and response workflows.
Download the file and use 7-Zip to unpack it.
Password: lousec
- Do NOT run this tool in a production environment. Only run it on sandboxed or clean VMs that are not joined to your domain!
- Always notify your security team before executing this simulation.
- This tool may trigger automated investigations or remediation actions within Defender.
- Use only in test labs or authorized red team exercises.
- This executable performs activity that matches known IOCs!
- PLEASE REFRAIN FROM UPLOADING THIS SAMPLE TO VIRUSTOTAL, Any.Run, Joe Sandbox, or similar services.
Doing so will likely get the sample flagged and blocked globally, and it would then take extra effort to get it allow-listed again.
To verify the file's integrity and authenticity, compare the SHA256 hash of the extracted executable with the value below before running it:
33215D3CF48F46E59E19EF124307FD5A098B3E08432ECA21820EAF4408E79EA9
Important: Download the executable only from this GitHub repository.
Avoid untrusted third-party copies.
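The steps above (unpack with 7-Zip, check the SHA256, run only on an isolated VM) as one PowerShell script. This is an added example, not part of the project: the archive name, the output folder and the 7-Zip install path are assumptions, and notifying your security team is still a manual step that the script cannot do for you.

```powershell
# Added example (not the project's own code): unpack, verify and launch the
# sample only on a non-domain-joined lab VM. Archive/exe names are assumptions.
$ExpectedSha256 = '33215D3CF48F46E59E19EF124307FD5A098B3E08432ECA21820EAF4408E79EA9'
$Archive  = '.\mde-incident-simulator.7z'      # assumed archive name
$OutDir   = '.\unpacked'                       # assumed output folder
$SevenZip = 'C:\Program Files\7-Zip\7z.exe'    # default 7-Zip install path

# 1. Refuse to continue on a domain-joined host (README: sandboxed/clean VMs only).
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    throw "This host is joined to domain '$($cs.Domain)'. Use an isolated lab VM instead."
}

# 2. Unpack with 7-Zip using the README password (-p<password>, -o<outdir>, -y = assume yes).
& $SevenZip x $Archive "-o$OutDir" -plousec -y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "7-Zip extraction failed (exit code $LASTEXITCODE)." }

# 3. Find the extracted executable and compare its SHA256 with the published hash.
$exe = Get-ChildItem -Path $OutDir -Filter *.exe -Recurse | Select-Object -First 1
if (-not $exe) { throw "No executable found under $OutDir." }
$actual = (Get-FileHash -Path $exe.FullName -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {    # -ne is case-insensitive, so hex case does not matter
    throw "SHA256 mismatch for $($exe.Name): expected $ExpectedSha256, got $actual. Do not run it."
}
Write-Host "Hash verified: $($exe.Name) matches the published SHA256."

# 4. Only now launch the sample; -Wait keeps the console open while the alert lands in Defender.
Start-Process -FilePath $exe.FullName -Wait
```

If the hash check fails, the archive was modified or did not come from this repository; delete it and re-download from GitHub rather than running it. Expect Defender to quarantine or kill the process during step 4 if automated remediation is enabled on the device; that is the behaviour the lab is meant to exercise.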
This tool is provided as-is, with no warranties or guarantees.
The author is not liable for misuse, damage, or unintended effects.
By using this tool, you agree it is strictly for educational and simulation purposes within safe, controlled environments.
Created by Louis Mastelinck, this tool supports training and awareness around Microsoft Defender for Endpoint incident response.
It is a community-driven project with no affiliation to Microsoft.
