Developers: | Microsoft |
System release date: | May 2021 |
Branches: | Information technologies |
Technology: | Information Security - Authentication, PAM Privileged Access Management, Information Security - Firewalls, Information Security - Information Leakage Prevention, Information Security - Fraud Detection System (fraud), Information Security - Security Information and Event Management (SIEM) |
2021: Announcement of a free tool for testing the security of systems against cyber attacks
At the end of May 2021, Microsoft introduced a free, open source test lab environment that allows cybersecurity specialists to check the protective features of Microsoft 365 Defender, Azure Defender and Azure Sentinel against real cyber attacks.
SimuLand was created to analyze the behavior of cybercriminals, to determine how to protect computer systems, and to accelerate the development and launch of laboratory environments for threat research. It is also meant to inform information security experts about the technologies and tools criminals use, and to help them detect, document and exchange the data sources relevant to modeling and detecting attackers.
So far, the only laboratory environment available for launch allows information security experts to test and improve protection against Golden SAML attacks, in which hackers attack the Microsoft Active Directory Federation Services (AD FS) authentication system.
According to Microsoft, its tool allows researchers to "model the behavior of an attacker intending to steal an AD FS token signature certificate from a 'local' AD FS server in order to sign a SAML token, impersonate a privileged user and eventually collect mail data through the Microsoft Graph API."
In the future, in addition to expanding the laboratory environment and adding new attack scenarios to it, Microsoft plans to add support to SimuLand for automating attacks through the Azure Functions cloud system, exporting and sharing telemetry, integrating Microsoft Defender evaluation labs, and deploying and maintaining infrastructure through CI/CD pipelines with Azure DevOps.
To test the capabilities of the new tool, SimuLand users need an Azure client and at least a Microsoft 365 E5 license (paid or trial). [1]