Simulating the Enemy
How does that old saying go? Keep your friends close and keep your understanding of a threat actor’s underlying behavior and functionality of tradecraft closer? As new tools are developed and implemented for individuals and businesses to protect themselves, wouldn’t it be great to see how they hold up against different attacks without actually having to wait for an attack to happen? Microsoft’s new open-source tool, Simuland, allows users to simulate attacks on their own infrastructure to see where their own weaknesses lie.
In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham sit down with Roberto Rodriguez, Principle Threat Researcher for the Microsoft Threat Intelligence Center (MSTIC) and Simuland’s developer, to understand how the project came to life, and what users can expect as they use it.
In This Episode You Will Learn:
- How community involvement will help Simuland grow
- How individuals can use Simuland to see examples of actions threat actors can take against their infrastructure
- What other projects and libraries went into Simuland’s development
Some Questions We Ask:
- What exactly is being simulated in Simuland?
- What do does Roberto hope for users to take away from Simuland?
- What is next for the Simuland project?
Resources:
Roberto’s blog post, SimuLand: Understand adversary tradecraft and improve detection strategies
Roberto’s Twitter: Cyb3rWard0g
Related:
Listen to: Afternoon Cyber Tea with Ann Johnson
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
