Microsoft released SimuLand, so what is SimuLand?
What is SimuLand?
SimuLand is an open source lab environment that replicates well-known techniques used in real attack scenarios, so that the effectiveness of Microsoft 365 Defender, Azure Defender, and Azure Sentinel can be tested and verified proactively. Beyond detection validation, SimuLand also supports threat research by exposing the telemetry and forensic artifacts generated after each simulation exercise.
The lab environment provides use cases from a variety of data sources, including telemetry from Microsoft 365 Defender security products and other data sources integrated through Azure Sentinel data connectors.
Purpose of creating SimuLand
As Microsoft builds on SimuLand and rolls it out as a lab environment, the project will follow these basic principles:
- Understand the underlying behavior and functionality of adversary tradecraft
- Identify mitigations and attacker paths by documenting the preconditions for each attacker action
- Accelerate the design and deployment of threat research lab environments
- Stay up to date with the latest techniques and tools used by threat actors
- Identify, document, and share relevant data sources to model and detect adversary actions
- Validate and tune detection capabilities
Current progress
Currently, SimuLand provides one scenario: researchers can test and improve their defenses against Golden SAML attacks, in which a threat actor who has stolen the federation server's token-signing key forges SAML tokens and authenticates to cloud applications as any user, without ever touching the identity provider.
You can contribute your own end-to-end simulation scenarios by opening new issues on the SimuLand GitHub repository.
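The Golden SAML scenario above rests on two facts that a lab like SimuLand makes observable: a token signed with the stolen key is indistinguishable to the relying party from one the identity provider issued, and the forgery leaves no issuance record on the identity provider, which is exactly the gap that telemetry correlation can catch. The following added example (not SimuLand's code, and not a real SAML implementation) illustrates both. It stands in for SAML with a JSON payload signed by HMAC-SHA256 so it runs on the Python standard library alone; real assertions are XML signed with XML-DSig and the AD FS token-signing certificate. The key, issuer, user names, application URL and the shape of the issuance log are all constructed assumptions.

```python
"""Golden SAML, simplified: a forged token validates, and the only trace
is the absence of an issuance record on the identity provider (IdP).

Stand-in for SAML: JSON claims signed with HMAC-SHA256 (assumption made so
the example runs offline); real SAML uses XML-DSig with an RSA key pair.
"""
import hashlib
import hmac
import json
import secrets
import time

# Assumption: the IdP's token-signing key. For AD FS this is the private key
# of the token-signing certificate; stealing it is the Golden SAML precondition.
IDP_SIGNING_KEY = b"federation-token-signing-key-constructed"
IDP_ISSUER = "http://adfs.corp.example/adfs/services/trust"


def _sign(key: bytes, claims: dict) -> str:
    """Serialize claims canonically and append an HMAC over them."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":"))
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + mac


def _assertion(user: str, audience: str) -> dict:
    return {
        "id": "_" + secrets.token_hex(8),   # unique assertion ID
        "issuer": IDP_ISSUER,
        "subject": user,
        "audience": audience,
        "iat": int(time.time()),
    }


def issue_token(key: bytes, user: str, audience: str, issued_log: list) -> str:
    """Legitimate path: the IdP authenticates the user, logs the assertion ID
    it minted (constructed stand-in for AD FS issuance telemetry), signs."""
    claims = _assertion(user, audience)
    issued_log.append(claims["id"])
    return _sign(key, claims)


def forge_token(stolen_key: bytes, user: str, audience: str) -> str:
    """Golden SAML path: attacker signs off-box with the stolen key.
    Nothing is written to the IdP's log because the IdP never ran."""
    return _sign(stolen_key, _assertion(user, audience))


def verify_token(key: bytes, token: str, audience: str):
    """Relying-party validation: signature, issuer, audience. Returns the
    claims on success, None otherwise. Note it cannot tell forged from real."""
    body, mac = token.rsplit(".", 1)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    claims = json.loads(body)
    if claims.get("issuer") != IDP_ISSUER or claims.get("audience") != audience:
        return None
    return claims


def find_unissued_logins(accepted_claims: list, issued_log: list) -> list:
    """Detection: correlate tokens the application accepted with the IdP's
    issuance records; any accepted assertion ID the IdP never logged is a
    candidate Golden SAML login. Returns the offending claim sets."""
    issued = set(issued_log)
    return [c for c in accepted_claims if c["id"] not in issued]


def run_demo() -> dict:
    """One legitimate login and one forgery; returns what verification and
    correlation each conclude."""
    app = "https://app.corp.example/"
    issued_log = []
    good = issue_token(IDP_SIGNING_KEY, "alice@corp.example", app, issued_log)
    bad = forge_token(IDP_SIGNING_KEY, "admin@corp.example", app)
    accepted = [c for c in (verify_token(IDP_SIGNING_KEY, t, app) for t in (good, bad)) if c]
    flagged = find_unissued_logins(accepted, issued_log)
    return {
        "accepted_subjects": [c["subject"] for c in accepted],
        "flagged_subjects": [c["subject"] for c in flagged],
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The point of the demo is in the two lists it returns: signature validation accepts both logins, while correlation against issuance telemetry flags only the forged one. That is the same reasoning behind the Golden SAML detections SimuLand is meant to exercise, where cloud sign-in events are joined against the federation server's own token-issuance logs; which log sources and event IDs to join is an exercise for your environment, not something this example asserts.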
Future goals
Besides creating more attack scenarios, Microsoft will also work on some features to improve the project. List of ideas:
- A data model to record simulation steps in a more organized and standardized way
- CI/CD pipeline with Azure DevOps to deploy and maintain infrastructure
- Automate Cloud Attacks with Azure Functions
- Ability to export and share the generated telemetry with the InfoSec community
- Integration with the Microsoft Defender Evaluation Lab
Last month, the Microsoft 365 Defender Research team also released an open source cyberattack simulator called CyberBattleSim.
This simulator allows the creation of simulated network environments that model how AI-controlled network agents (threat agents) spread through the network after the initial compromise.
"The simulated attacker's goal is to take ownership of certain parts of the network by exploiting these pre-installed vulnerabilities," Microsoft explains. "While a simulated attacker moves through the network, a protection agent monitors network activity to detect the attacker's presence and prevent the attack."