Microsoft recently released a useful tool for the cybersecurity community. Named ‘SimuLand’, the tool is an open-source project from Microsoft that allows researchers to test realistic attack scenarios in a lab.
Microsoft SimuLand Testing Real-Time Attacks
The tech giant Microsoft has presented the SimuLand tool as open-source on GitHub.
The tool provides a lab environment in which researchers can test their defences against realistic attack scenarios. As stated in Microsoft's blog post:
SimuLand is an open-source initiative by Microsoft to help security researchers around the world deploy lab environments that reproduce well-known techniques used in real attack scenarios, actively test and verify the effectiveness of related Microsoft 365 Defender, Azure Defender, and Azure Sentinel detections, and extend threat research using telemetry and forensic artifacts generated after each simulation exercise.
The lab environment provides use cases sourced from different Microsoft products, for example telemetry from Microsoft 365 Defender, Azure Defender, and other sources collected through Azure Sentinel data connectors.
Researchers can easily integrate SimuLand with existing research methodologies during the dynamic analysis of end-to-end simulation scenarios.
Alongside the tool, Microsoft has also shared step-by-step guides for deploying the lab environment and executing end-to-end simulations.
As for the tool itself, Microsoft has designed it in a modular manner around a three-stage process: “Prepare”, “Deploy”, and “Simulate & Detect”.
The structure of the project is simple and broken down into modules, so that attacker actions can be re-used and tested in different combinations against different lab environment designs.
Purposes and Future Outlook
Currently, the tool helps researchers understand adversary tradecraft, detect attack paths and identify mitigations, learn the attack strategies and tools in use by threat actors, accelerate the design and deployment of threat-research lab environments, and validate their current detection capabilities.
As for the future, Microsoft plans to introduce more features, such as automating attack actions in the cloud and exporting and sharing telemetry.
Let us know your thoughts in the comments.