
Microsoft 365 Defender Attack Simulation: 4 Weeks Deployment

Soluciones Tecnológicas Overcast S.A.P.I. de CV

Microsoft 365 attack simulation training runs realistic attack scenarios in your organization. These simulated attacks can help you identify vulnerable users before a real attack.

Microsoft 365 Defender Attack Simulation

Attack simulation is a tool that allows an organization's security administrators to test the effectiveness of their security policies and configurations against different types of cyber attacks. With this tool, scenarios such as phishing, malware, ransomware, credential theft and lateral movement, among others, can be simulated.

The goal is to identify and correct vulnerabilities that could jeopardize the security of the organization and user data. Microsoft 365 Defender Attack Simulation also provides detailed reports on simulation results, recommended corrective actions and best practices to improve the security posture.

For this implementation, the Overcast team will support and guide you through phishing-type simulations. The following attack simulation scenarios are included:

  • Credential Harvest: Attempts to collect credentials by taking users to a familiar-looking website with input boxes to submit a username and password.
  • Malware attachment: Adds malicious attachments to a message. When the user opens the attachment, arbitrary code is executed that helps the attacker compromise the target device.
  • Link in Attachment: A type of credential harvesting hybrid. An attacker inserts a URL into an email attachment. The URL within the attachment follows the same technique as credential harvesting.
  • Link to malware: Executes arbitrary code from a file hosted on a known file sharing service. The message sent to the user contains a link to this malicious file. Opening the file helps the attacker to compromise the target device.
  • Drive-by URL: The malicious URL in the message takes the user to a familiar-looking website that silently executes or installs code on the user's device.
  • OAuth Consent Grant: The malicious URL asks users to grant permissions to data for a malicious Azure Application.

The Overcast team will provide you with a technical report, results reports and a technical training session for your organization's administrators.

Pre-requisites

  • Microsoft 365 E5 licensing or 30-day trial (25 users only)
  • Microsoft Defender for Office 365 Plan 2 licensing or 90-day trial (25 users only)
  • A Microsoft 365 account with Azure AD roles (Global Administrator, Security Administrator, Attack Simulation Administrator, Attack Payload Author)
