fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Releases SimuLand, a Test Lab For Simulated Cyberattacks

Microsoft Releases SimuLand, a Test Lab For Simulated Cyberattacks

Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.

SimuLand test labs “provide use cases from a variety of data sources including telemetry from Microsoft 365 Defender security products, Azure Defender, and other integrated data sources through Azure Sentinel data connectors,” MSTIC Threat Researcher Roberto Rodriguez said.

Lab environments deployed using SimuLab can help security experts “actively test and verify the effectiveness of related Microsoft 365 Defender, Azure Defender, and Azure Sentinel detections, and extend threat research using telemetry and forensic artifacts generated after each simulation exercise.”

SimuLab test environments are designed to help security teams:

  • Understand the underlying behavior and functionality of adversary tradecraft.
  • Identify mitigations and attacker paths by documenting preconditions for each attacker action.
  • Expedite the design and deployment of threat research lab environments.
  • Stay up to date with the latest techniques and tools used by real threat actors.
  • Identify, document, and share relevant data sources to model and detect adversary actions.
  • Validate and tune detection capabilities.

Currently, the only lab environment available for deployment allows researchers to test and improve their defenses against Golden SAML attacks that allow threat actors to forge authentication to cloud apps.

Also Read: How to Comply with PDPA: A Checklist For Businesses

You can share your own end-to-end simulation scenarios by opening new issues on the SimuLand GitHub repository.

Besides working on adding more scenarios, Microsoft also wants to add automation of attack actions via Azure Functions in the cloud, telemetry export and share, Microsoft Defender evaluation labs integration, as well as infrastructure deployment and maintenance using CI/CD pipelines with Azure DevOps.

Lab environments contributed through this open-source Microsoft initiative require an Azure tenant and at least a Microsoft 365 E5 license (paid or trial).

Last month, the Microsoft 365 Defender Research team also released an open-source cyberattack simulator dubbed CyberBattleSim.

This simulator allows creating simulated network environments that model how AI-controlled cyber agents (the threat actors) spread through a network after its initial compromise.

“The simulated attacker’s goal is to take ownership of some portion of the network by exploiting these planted vulnerabilities,” Microsoft explained.

Also Read: In Case You Didn’t Know, ISO 27001 Requires Penetration Testing

“While the simulated attacker moves through the network, a defender agent watches the network activity to detect the presence of the attacker and contain the attack.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us