Microsoft Attack Simulator: The GOOD, the BAD & the BUGS
I have done a deep dive into Microsoft’s Attack Simulator and want to share my 2 cents about my experience. I will be showing tips, explaining different attack methods, easily creating custom payloads, explaining features, discovering a BUG, and much more!
Chapters
0:00 – Intro: attack simulator
0:33 – Licensing
0:46 – Where can I find the attack simulator?
0:53 – Permissions needed
1:20 – Enable auditing before you start
1:38 – Verify if auditing is enabled via PS
1:58 – Start setting up your simulation
2:08 – Simulation attack techniques
3:23 – Creation of a payload
3:45 – Payload example
4:02 – Dynamic tags
5:29 – Adding indicators
5:48 – Use Ctrl+F to help you with marking indicators
6:03 – Breaking the indicators
6:45 – BUG!!
7:13 – You need to start over by adding indicators
7:28 – Preview your indicators
8:02 – Pick your landing page
8:23 – End User notifications
8:51 – Launch Details: Region-aware timezone delivery
9:16 – Feature request: Activity-aware delivery
9:44 – Review your simulation
9:57 – Let’s open the OAuth attack simulation
11:15 – Recognize simulation emails based on the headers
12:18 – Payloads provided by Microsoft
12:35 – Transform any “nice” looking email into your own custom payload
13:03 – The power of code
14:08 – Replace all URLs with phishing links
14:38 – You can test this yourself!
15:04 – Outro
Sources: [Link] Microsoft Docs: https://learn.microsoft.com/en-us/mic…