Attack Simulation Project.


Tasks:
Everyone is to perform the following attack simulations:
Credential Harvest
Malware Attachment
Drive by URL
What is Attack Simulation?
Attack simulation involves creating and running controlled cyberattack scenarios within an organization to test its security posture and employee awareness. These simulations help identify vulnerabilities, measure the effectiveness of security policies, and train employees to recognize and respond to potential threats.
Benefits of Attack Simulation. Attack simulation offers several benefits to an organization:
Identify Vulnerabilities: Attack simulations help uncover weaknesses in security systems, policies, and procedures, allowing organizations to address them before real attackers can exploit them.
Enhance Security Awareness: By exposing employees to simulated attacks, organizations can improve their awareness and training, helping them recognize and respond to actual threats.
Test Incident Response: Attack simulations allow organizations to evaluate and refine their incident response plans, ensuring that they are effective and efficient in the event of a real attack.
Regulatory Compliance: Many industries require regular security assessments and testing. Conducting attack simulations can help organizations meet these compliance requirements.
Improve Security Posture: By regularly conducting attack simulations, organizations can continuously improve their security posture, making them more resilient to cyber threats.
Task 1.
Credential Harvest: A credential harvest simulation is a controlled scenario that mimics real-world phishing attacks to test an organization's defenses against credential theft. It aims to identify vulnerabilities and train employees to recognize and respond to such threats.
In this technique, a malicious actor creates a message containing a URL. When the target clicks the URL, they are taken to a website that usually shows input boxes to lure the target into submitting their username and password. Typically, the page is themed to look like a well-known website so that the target trusts it.
Steps to Implement the Credential Harvest Simulation.
Log in to the Microsoft Defender portal. Click on Show all, navigate to Email & Collaboration, click on the dropdown and select Attack Simulation Training.
Next, click on Simulation, select Launch a Simulation, select Credential Harvest and click on Next.
Enter the name and click on Next.
Select a Payload.
What is a payload? A payload refers to the content used to simulate a cyberattack. It's the actual element that's delivered to the target in order to test their reaction and the effectiveness of security measures. It could be a malicious email attachment, a phishing link, or any other piece of content designed to mimic a real cyber threat.
There are many payloads; just check the box for the one of your choice. You can send a test to see how the mail will appear.
On Target Users, click on Add users, select the users you want to include in the simulation and click on Next.
On Assign Training, I left it at the default and clicked on Next.
Next, Select a landing page of your choice.
Next, select end user notification, choose language and click next.
Next, configure when and how you want this simulation to launch and click on next.
Review the simulation and submit.
The simulation has been launched. Click on Done.
Tell the target users to log in to their Outlook app to check their mail. This is how the mail will appear. If the user clicks on Keep same password, which most users are likely to do, then his account will be hacked.
Task 2.
Malware Attachment: In this type of technique, a malicious actor creates a message, with an attachment added to the message. When the target opens the attachment, typically some arbitrary code such as a macro will execute in order to help the attacker install additional code on a target's device or further entrench themselves.
A malware attachment is a file sent via email with the intent to harm the recipient's computer or compromise their security in some way.
To Implement Malware Attachment Simulation
Log in to the Microsoft Defender portal and navigate to Email & Collaboration, click on Attack Simulation Training, click on Simulation and select Launch a Simulation.
On Select a Technique, check the box for Malware Attachment and click on Next.
Under Name simulation, give the simulation a name and click on Next.
On Select Payload, check the box for the payload of your choice. You can choose whether or not to send a test, then click on Next.
Next, add the users you want to use for this simulation. You can add all users or choose selected users. In this project we are adding all users excluding guest users.
On Assign Training, leave it at the default and click on Next.
Select a landing page for the learning moment after the user gets phished.
Select the end user notification for the simulation.
Next, configure when and how you want to launch this simulation.
Review and submit.
Finally, the simulation has been launched. Click on done.
Task 3
Drive by URL: In this technique, a malicious actor creates a message containing a URL. When the target clicks the URL, they are taken to a website that then tries to run background code to gather information about the target or deploy arbitrary code to their device. Typically, the website attempting to lure the target will be a well-known website that has been compromised in some fashion, or a clone of a well-known website. This familiarity with the website builds trust in the target that it is safe to click. This is also sometimes known as a watering hole technique.
How To Implement Drive by URL
1. Login to Microsoft Defender Portal as usual and navigate to Email & Collaboration > Attack Simulation Training > Select Simulation and then click on Launch a Simulation.
2. On Select Technique, checkbox Drive by URL and click on next.
3. Give your simulation a name and click on Next.
4. Select the payload and landing page; you can choose to send a test or not. Click on Next.
5. Next, add users. Here I click on Include all users and select Next.
6. On Assign Training, you can choose any option, but I leave it at the default.
7. Next, select a Phish landing page, where a user that is phished can go for training.
8. Next, select end user notification.
9. Configure how you want to launch this simulation.
10. Review and simulate. You can send a test if you want and click on submit.
Finally, the simulation has been launched. Click on Done.
Next, open Outlook to see the URL. Here, we want the user to click on the URL and see what happens.
Log in to Outlook.com with the email and password. Next, the user opens the mail and gets this notification that he has been phished.
The Three Attack Simulations Implemented.
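For repeatable runs, the wizard choices made above (name, technique, payload, target users, landing page, launch time) can also be written as a request body for the Microsoft Graph attack simulation API. This is an added example, not part of the original post: the helper name is hypothetical, the IDs and addresses are constructed placeholders, and the body shape assumes Graph's create-simulation endpoint; nothing is sent.

```python
import json
from datetime import datetime, timezone

GRAPH = "https://graph.microsoft.com/v1.0/security/attackSimulation"
# Technique names as used on this page -> Graph attackTechnique values.
TECHNIQUES = {
    "Credential Harvest": "credentialHarvesting",
    "Malware Attachment": "attachmentMalware",
    "Drive by URL": "driveByUrl",
}


def build_simulation(name, technique, payload_id, landing_page_id,
                     target_emails, launch, duration_days=7):
    """Return the JSON body for POST {GRAPH}/simulations (built only, not sent)."""
    if technique not in TECHNIQUES:
        raise ValueError(f"unsupported technique: {technique!r}")
    # Normalise and de-duplicate targets so nobody is enrolled twice.
    emails = sorted({e.strip().lower() for e in target_emails if e.strip()})
    if not name.strip() or not emails:
        raise ValueError("a name and at least one target user are required")
    if any(e.count("@") != 1 for e in emails):
        raise ValueError("target list contains a value that is not an email address")
    if launch.tzinfo is None:
        raise ValueError("launch time must be timezone-aware")
    return {
        "displayName": name.strip(),
        "attackTechnique": TECHNIQUES[technique],
        "attackType": "social",
        "status": "scheduled",
        "durationInDays": duration_days,
        "launchDateTime": launch.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "payload@odata.bind": f"{GRAPH}/payloads/{payload_id}",
        "landingPage@odata.bind": f"{GRAPH}/landingPages/{landing_page_id}",
        "includedAccountTarget": {
            "@odata.type": "#microsoft.graph.addressBookAccountTargetContent",
            "type": "addressBook",
            "accountTargetEmails": emails,
        },
    }


if __name__ == "__main__":
    # Constructed placeholders: substitute IDs and users from your own tenant.
    launch = datetime(2025, 1, 6, 9, 0, tzinfo=timezone.utc)
    for technique in TECHNIQUES:
        body = build_simulation(f"{technique} simulation", technique, "<payload-id>",
                                "<landing-page-id>", ["user1@contoso.example"], launch)
        print(json.dumps(body, indent=2))
```

The assigned training and end user notification steps are left out of this body and would still be set in the portal or added separately.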
Kindly View, Like and Comment
My Name is Theodora Egburedi
M365 Technical Support Engineer.