Microsoft Attack Simulator: The GOOD, the BAD & the BUGS

I have done a deep dive into Microsoft’s Attack Simulator and want to share my 2 cents about my experience. I will be showing tips, explaining different attack methods, easily creating custom payloads, explaining features, discovering a BUG, and much more!

Chapters

0:00 – Intro: attack simulator

0:33 – Licensing

0:46 – Where can I find the attack simulator?

0:53 – Permissions needed

1:20 – Enable auditing before you start

1:38 – Verify if auditing is enabled via PS

1:58 – Start setting up your simulation

2:08 – Simulation attack techniques

3:23 – Creation of a payload

3:45 – Payload example

4:02 – Dynamic tags

5:29 – Adding indicators

5:48 – Use Ctrl+F to help you with marking indicators

6:03 – Breaking the indicators

6:45 – BUG!!

7:13 – You need to start over by adding indicators

7:28 – Preview your indicators

8:02 – Pick your landing page

8:23 – End User notifications

8:51 – Launch Details: Region-aware timezone delivery

9:16 – Feature request: Activity-aware delivery

9:44 – Review your simulation

9:57 – Let’s open the OAuth attack simulation

11:15 – Recognize simulation emails based on the headers

12:18 – Payloads provided by Microsoft

12:35 – Transform any “nice” looking email into your own custom payload

13:03 – The power of code

14:08 – Replace all URLs with phishing links

14:38 – You can test this yourself!

15:04 – Outro

Sources: [Link] Microsoft Docs: https://learn.microsoft.com/en-us/mic…
