Microsoft is releasing a dataset covering its experiments from the SimuLand initiative, which tests scenarios on Microsoft security services.
Microsoft is this week launching a public dataset taken from its first SimuLand event. If you are unfamiliar with the SimuLand initiative, it provides researchers with tools to test how services like Azure Defender, Microsoft 365 Defender, and Azure Sentinel handle attacks.
During the first open-source SimuLand event last month, security teams could create test attack patterns, deploy lab environments, and see how Microsoft security platforms work against threats. Throughout the experiments, researchers collected telemetry data to enhance understanding of attacks.
Microsoft is now releasing a public dataset covering that telemetry data. Specifically, the data comes from the first simulation, which looked at how threat actors could steal the Azure Directory Federated Services (ADFS) token-signing certificate from an on-premises ADFS server. They could then leverage ADFS to sign a Security Assertion Markup Language (SAML) token to access the Microsoft Graph API.
Several security events were monitored during the simulation and are now available in the new dataset. Microsoft details these events in an image (above).
All logs gathered during the simulation came from the Microsoft 365 Defender Advanced hunting API and the Azure Log Analytics workspace API. Microsoft points out that making the dataset public gives security researchers more tools to combat risks, including improving detection in the following ways:
You can read more about the SimuLand initiative on Microsoft’s official GitHub here.