Microsoft has released SimuLand, an open-source lab environment that allows to reproduce the techniques used in real attack scenarios. The tool could be used to test and improve Microsoft solutions, including Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.
“SimuLand is an open-source initiative by Microsoft to help security researchers around the world deploy lab environments that reproduce well-known techniques used in real attack scenarios, actively test and verify effectiveness of related Microsoft 365 Defender, Azure Defender and Azure Sentinel detections, and extend threat research using telemetry and forensic artifacts generated after each simulation exercise.” reads the announcement published by Microsoft.
“These lab environments will provide use cases from a variety of data sources including telemetry from Microsoft 365 Defender security products, Azure Defender and other integrated data sources through Azure Sentinel data connectors.”
The project has a modular structure, each module can be re-used to test combinations of attacker actions using different lab environment designs.
Microsoft has also released a lab environment for SimuLand that focuses on Golden SAML attacks, the IT giant plans to release new ones in the future. Anyway, Microsoft is inviting security experts to contribute to the creation of new lab environments and improved detection rules for the attack scenario they have shared.
“Every simulation plan provided through this project is research-based and broken down into attacker actions mapped to the MITRE ATT&CK framework.” reads a blog post published by Microsoft. “The goal of the simulate and detect component is to also summarize the main steps used by a threat actor to accomplish a specific object and allow security researchers to get familiarized with the attacker behavior at a high level.”
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Simuland)
[adrotate banner=”5″]
[adrotate banner=”13″]
The FBI, UK National Crime Agency, and Europol revealed the identity of the admin of…
MITRE published more details on the recent security breach, including a timeline of the attack…
Alexander Vinnik, a Russian operator of virtual currency exchange BTC-e pleaded guilty to participating in…
The City of Wichita in Kansas was forced to shut down its computer systems after…
Resecurity found a massive leak involving the exposure of personally identifiable information (PII) of over…
Finland's Transport and Communications Agency (Traficom) warned about an ongoing Android malware campaign targeting bank…
This website uses cookies.