GA of Attack Simulator For Office 365 Threat Intelligence

Published Apr 17 2018 03:11 PM 32.3K Views
Microsoft

A few weeks ago, we released a public preview for Attack Simulator for Office 365 Threat Intelligence. Today, we’re excited to announce that Attack Simulator is now generally available. Attack Simulator for Office 365 Threat Intelligence is available to all Office 365 E5 or Office 365 Threat Intelligence customers.

 

With Attack Simulator, customers can launch simulated attacks on their end users, determine how end users behave in the event of an attack, and update policies and ensure that appropriate security tools are in place to protect the organization from threats.  The GA of Attack Simulator adds a new HTML editor so realistic looking HTML emails can be sent in simulations of spear-phishing.  Also, two spear-phishing templates are available for immediate use in the spear phishing simulation.

 

 

Figure 1.  Email template for spear phish simulation using a fake email from an organization’s payroll department.Figure 1. Email template for spear phish simulation using a fake email from an organization’s payroll department.

 

Attack Simulator includes the three attack scenarios from our public preview.

 

  • Display Name Spear Phishing Attack: Phishing is the generic term for socially engineered attacks designed to harvest credentials or personally identifiable information (PII). Spear phishing is a subset of this phishing and is more targeted, often aimed at a specific group, individual, or organization.  These attacks are customized and tend to leverage a sender name that generates trust with the recipient.

 

  • Password Spray Attack: To prevent bad actors from constantly guessing the passwords of user accounts, often there are account lockout policies.  For example, an account will lockout after a certain number of bad passwords are guessed for a user.  However, if you were to take a single password and try it against every single account in an organization, it would not trigger any lockouts.  The password spray attack leverages commonly used passwords and targets many accounts in an organization with the hope that one of the account holder uses a common password that allows a hacker to enter the account and take control of it.  From this compromised account, a hacker can launch more attacks by assuming the identity of account holder.

 

  • Brute Force Password Attack: This type of attack consists of a hacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

 

This video demonstrates how Attack Simulator can help organizations educate users to become more secure from cyber threats.  With Attack Simulator, admins can train all their end users, and especially those who are attacked most often.  This proactive training is a powerful way to ensure that your organization can prevent the impact from advanced threats.  Over the coming months, more threat simulations will be added to Attack Simulator so organizations can simulate the most prevalent threat types from the modern threat landscape.

 

 

Begin Educating your End Users Today

            Experience the benefits of Attack Simulator for Office 365 Threat Intelligence by beginning an Office 365 E5 trial or Office 365 Threat Intelligence Trial today.   Also, learn more about how Microsoft leverages threat intelligence and the value of threat intelligence. Your feedback is one of the most important drivers of our innovation, so please let us know what you think. 

13 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-183954%22%20slang%3D%22en-US%22%3EGA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-183954%22%20slang%3D%22en-US%22%3E%3CP%3EA%20few%20weeks%20ago%2C%20we%20released%20a%20%3CA%20title%3D%22Attack%20Simulator%20Public%20Preview%20Blog%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FSecurity-Privacy-and-Compliance%2FAnnouncing-the-Public-Preview-of-Attack-Simulator-for-Office-365%2Fba-p%2F162412%22%20target%3D%22_blank%22%3Epublic%20preview%3C%2FA%3E%20for%20Attack%20Simulator%20for%20Office%20365%20Threat%20Intelligence.%20Today%2C%20we%E2%80%99re%20excited%20to%20announce%20that%20Attack%20Simulator%20is%20now%20generally%20available.%20Attack%20Simulator%20for%20Office%20365%20Threat%20Intelligence%20is%20available%20to%20all%20Office%20365%20E5%20or%20Office%20365%20Threat%20Intelligence%20customers.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWith%20Attack%20Simulator%2C%20customers%20can%20launch%20simulated%20attacks%20on%20their%20end%20users%2C%20determine%20how%20end%20users%20behave%20in%20the%20event%20of%20an%20attack%2C%20and%20update%20policies%20and%20ensure%20that%20appropriate%20security%20tools%20are%20in%20place%20to%20protect%20the%20organization%20from%20threats.%26nbsp%3B%20The%20GA%20of%20Attack%20Simulator%20adds%20a%20new%20HTML%20editor%20so%20realistic%20looking%20HTML%20emails%20can%20be%20sent%20in%20simulations%20of%20spear-phishing.%26nbsp%3B%20Also%2C%20two%20spear-phishing%20templates%20are%20available%20for%20immediate%20use%20in%20the%20spear%20phishing%20simulation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F32476i39DA2B4CAEB55B34%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Attack_Simulator_html_editor.png%22%20title%3D%22Attack_Simulator_html_editor.png%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EFigure%201.%20Email%20template%20for%20spear%20phish%20simulation%20using%20a%20fake%20email%20from%20an%20organization%E2%80%99s%20payroll%20department.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAttack%20Simulator%20includes%20the%20three%20attack%20scenarios%26nbsp%3Bfrom%20our%20public%20preview.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EDisplay%20Name%20Spear%20Phishing%20Attack%3C%2FSTRONG%3E%3A%20Phishing%20is%20the%20generic%20term%20for%20socially%20engineered%20attacks%20designed%20to%20harvest%20credentials%20or%20personally%20identifiable%20information%20(PII).%20Spear%20phishing%20is%20a%20subset%20of%20this%20phishing%20and%20is%20more%20targeted%2C%20often%20aimed%20at%20a%20specific%20group%2C%20individual%2C%20or%20organization.%26nbsp%3B%20These%20attacks%20are%20customized%20and%20tend%20to%20leverage%20a%20sender%20name%20that%20generates%20trust%20with%20the%20recipient.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EPassword%20Spray%20Attack%3A%3C%2FSTRONG%3E%20To%20prevent%20bad%20actors%20from%20constantly%20guessing%20the%20passwords%20of%20user%20accounts%2C%20often%20there%20are%20account%20lockout%20policies.%26nbsp%3B%20For%20example%2C%20an%20account%20will%20lockout%20after%20a%20certain%20number%20of%20bad%20passwords%20are%20guessed%20for%20a%20user.%26nbsp%3B%20However%2C%20if%20you%20were%20to%20take%20a%20single%20password%20and%20try%20it%20against%20every%20single%20account%20in%20an%20organization%2C%20it%20would%20not%20trigger%20any%20lockouts.%20%26nbsp%3BThe%20password%20spray%20attack%20leverages%20commonly%20used%20passwords%20and%20targets%20many%20accounts%20in%20an%20organization%20with%20the%20hope%20that%20one%20of%20the%20account%20holder%20uses%20a%20common%20password%20that%20allows%20a%20hacker%20to%20enter%20the%20account%20and%20take%20control%20of%20it.%26nbsp%3B%20From%20this%20compromised%20account%2C%20a%20hacker%20can%20launch%20more%20attacks%20by%20assuming%20the%20identity%20of%20account%20holder.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EBrute%20Force%20Password%20Attack%3A%20%3C%2FSTRONG%3EThis%20type%20of%20attack%20consists%20of%20a%20hacker%20trying%20many%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FPassword%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Epasswords%20%3C%2FA%3Eor%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FPassphrase%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Epassphrases%3C%2FA%3E%26nbsp%3Bwith%20the%20hope%20of%20eventually%20guessing%20correctly.%20The%20attacker%20systematically%20checks%20all%20possible%20passwords%20and%20passphrases%20until%20the%20correct%20one%20is%20found.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20%3CA%20title%3D%22Attack%20Simulator%20Mechanics%20Video%22%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D5jWGU2VM3SI%26amp%3Bfeature%3Dyoutu.be%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Evideo%3C%2FA%3E%20demonstrates%20how%20Attack%20Simulator%20can%20help%20organizations%20educate%20users%20to%20become%20more%20secure%20from%20cyber%20threats.%26nbsp%3B%20With%20Attack%20Simulator%2C%20admins%20can%20train%20all%20their%20end%20users%2C%20and%20especially%20those%20who%20are%20attacked%20most%20often.%26nbsp%3B%20This%20proactive%20training%20is%20a%20powerful%20way%20to%20ensure%20that%20your%20organization%20can%20prevent%20the%20impact%20from%20advanced%20threats.%26nbsp%3B%20Over%20the%20coming%20months%2C%20more%20threat%20simulations%20will%20be%20added%20to%20Attack%20Simulator%20so%20organizations%20can%20simulate%20the%20most%20prevalent%20threat%20types%20from%20the%20modern%20threat%20landscape.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EBegin%20Educating%20your%20End%20Users%20Today%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Experience%20the%20benefits%20of%20Attack%20Simulator%20for%20Office%20365%20Threat%20Intelligence%20by%20beginning%20an%20%3CA%20title%3D%22E5%20trial%22%20href%3D%22https%3A%2F%2Fportal.office.com%2Fsignup%2Flogout%3FOfferId%3D101bde18-5ffb-4d79-a47b-f5b2c62525b3%26amp%3Bdl%3DENTERPRISEPREMIUM%26amp%3Bculture%3Den-AU%26amp%3Bcountry%3DAU%26amp%3Bali%3D1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOffice%20365%20E5%20trial%3C%2FA%3E%20or%20%3CA%20title%3D%22TI%20Trial%22%20href%3D%22https%3A%2F%2Fportal.office.com%2Fsignup%2Flogout%3FOfferId%3Dd49e8fa3-0b3f-4541-9ae4-705740326f6a%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOffice%20365%20Threat%20Intelligence%20Trial%3C%2FA%3E%20today.%26nbsp%3B%26nbsp%3B%20Also%2C%20%3CA%20title%3D%22Threat%20Intel%20WP%22%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fitshowcase%2FArticle%2FContent%2F934%2FMicrosoft-uses-threat-intelligence-to-protect-detect-and-respond-to-threats%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Elearn%20more%3C%2FA%3E%20about%20how%20Microsoft%20leverages%20threat%20intelligence%20and%20the%20%3CA%20title%3D%22TI%20Video%22%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DO4WtxgUrDc8%26amp%3Bfeature%3Dyoutu.be%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Evalue%20of%20threat%20intelligence%3C%2FA%3E.%20Your%20feedback%20is%20one%20of%20the%20most%20important%20drivers%20of%20our%20innovation%2C%20so%20please%20let%20us%20know%20what%20you%20think.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-183954%22%20slang%3D%22en-US%22%3E%3CP%3EAnnouncing%20the%20GA%20of%20Attack%20Simulator%20for%20Office%20365%20Threat%20Intelligence%20enabling%20organizations%20to%20educate%20and%20raise%20awareness%20of%20cyber%20threats%20to%20ultimately%20help%20reduce%20an%20organization's%20risk%20profile.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-183954%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOnboarding%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ETraining%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-308810%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-308810%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20Team%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20have%20customer%20was%20trying%20to%20ran%20some%20phishing%20attach%20simulator.%20However%2C%20on%20the%20result%20the%20User%20targeted%20does%20not%20tally%20the%20number%20of%20mailbox%20entered%20during%20the%20test.%20Customer%20was%20sending%20it%20to%20the%20several%20group%20with%20more%20than%20500%20Total%20members%20but%20on%20the%20report%20it%20only%20says%20300%2B.%20Was%20this%20a%20glitch%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212811%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212811%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20John%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20tested%20the%20features%20with%20M365%20E5%20present%20for%20all%20users%20..%26nbsp%3B%20so%20it's%20not%20a%20license%20restriction.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyway%20%E2%80%A6%26nbsp%3B%20very%20little%20feedback%20from%20Microsoft%20%E2%80%A6%26nbsp%3B%26nbsp%3BThreat%20Intelligence%20is%20not%20cheap%20%E2%80%A6%26nbsp%3B%26nbsp%3B%20sounds%20like%20a%20hard%20bargain%20to%20engage%20your%20customers%20%E2%80%A6%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-211429%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-211429%22%20slang%3D%22en-US%22%3E%3CP%3EI%20got%20the%20same%20error%20repeatedly.%20First%20I%20thought%20it%20was%20because%20I%20was%20entering%20email%20addresses%20directly%20and%20not%20allowing%20them%20to%20resolve.%20After%20entering%20all%20my%20100%20test%20users%20individually%20by%20name%20and%20letting%20O365%20resolve%20with%20Active%20Directory%2C%20it%20still%20failed.%20So%20I%20deleted%20about%201%2F2%20the%20names%20in%20my%20group%20and%20the%20test%20went%20through%20with%20a%20total%20of%2065%20names%20on%20it.%20If%20I%20had%20to%20guess%2C%20the%20size%20of%20testable%20population%20is%20related%20to%20the%20level%20of%20Office%20365%20associated%20with%20your%20account.%20I%20know%20there%20are%20some%20features%20that%20have%20restrictions%20based%20on%20this%20and%20I%20have%20a%20mid-level%20license%20because%20I%20haven't%20needed%20a%20higher%20one.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-204182%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-204182%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20John%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe're%20in%20the%20European%20region%20when%20testing%20this%20feature.%26nbsp%3B%20I%20have%20the%20same%20error%2C%20so%20far%20..%20no%20solution%20..%26nbsp%3B%26nbsp%3B%20It%20looked%20promising%2C%20but%20if%20it%20doesn't%20work%20%E2%80%A6%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-202793%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-202793%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20doesn't%20work%20for%20me%2C%20i've%20got%20a%20call%20open%20and%20now%20closed.%26nbsp%3B%20I%20get%20error%20500's%20when%20running%20%22%3CSPAN%3ESecureScore%20API%20failed.%26nbsp%3Betc%22%26nbsp%3B%20Is%20this%20the%20same%20for%20everyone%20or%20just%20isolated%3F%26nbsp%3B%20We%20are%20on%20Western%20Europe%20(London%2FCardiff%2FAmsterdam%20I%20guess%3F)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-198934%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-198934%22%20slang%3D%22en-US%22%3E%3CP%3ELooks%20interesting%20but%20for%20a%20small%20business%2C%20the%20price%20to%20add%20the%20threat%20licensing%20is%20almost%20as%20much%20as%20a%20business%20premium%20license.%20If%20the%20price%20was%20reasonable%20we%20could%20sell%20this%20to%20many%20customers%20by%20doing%20a%20trial%20to%20show%20the%20benefits%20and%20using%20the%20test%20results%20to%20get%20them%20to%20commit%20to%20buying%20it.%20But%20I'd%20value%20this%20at%20more%20like%20%242-4%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-198832%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-198832%22%20slang%3D%22en-US%22%3E%3CP%3ELove%20this%20feature.%20It%20scared%20me%20a%20bit%20to%20see%20how%20many%20people%20use%20a%20default%20password%20or%20even%20keep%20the%20password%20we%20gave%20as%20a%20temporary%20one.%20We%20changed%20some%20policies%20based%20on%20the%20information%20we%20got%20from%20the%20Attack%20simulator.%20The%20Phishing%20mail%20functionality%20is%20also%20something%20I%20really%20like%2C%20even%20the%20IT%20engineers%20fell%20for%20it.%20Amazing!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-198604%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-198604%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20a%20cool%20feature.%20Good%20to%20train%20users!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-188872%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-188872%22%20slang%3D%22en-US%22%3E%3CP%3EEven%20though%20it's%20GA%2C%20I%20still%20can't%20use%20a%20password%20file%20to%20perform%20a%20brute%20force%20attack.%26nbsp%3B%26nbsp%3B%20I'm%20using%20a%20txt%20file%20with%20one%20password%20per%20line%20and%20there%20are%26nbsp%3Bno%20blancs%20in%20the%20file.%26nbsp%3B%26nbsp%3BIs%20there%20a%20limit%20in%20how%20many%20passwords%20can%20be%20tested%3F%26nbsp%3B%20I%20first%20tested%20with%201.1%20million%20passwords%2C%20now%20with%20300K%20passwords%2C%20etc...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDespite%20the%20efforts%26nbsp%3BI%20keep%20getting%20the%20following%20error%20for%20the%20past%20days.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERequest%3A%20api%2FSimulateAttacks%2FCreateEwsPasswordAttack%20Status%20code%3A%20500%20Exception%3A%20System.Net.Http.HttpRequestException%20Exception%20message%3A%20SecureScore%20API%20failed.%20ResultCode%3A%20BadRequest%20Diagnostic%20information%3A%20%7BVersion%3A16.00.2312.004%2CEnvironment%3AEUSPROD%2CDeploymentId%3Ab9d1eaec988246bd97ea05edb88f7c8e%2CInstanceId%3AWebRole_IN_1%2CSID%3Ac10c32c0-adb1-48ef-9727-d7945e227a96%2CCID%3A7023c8f2-cf75-449a-a218-af702b05e8db%7D%20Time%3A%202018-05-01T%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D5jWGU2VM3SI%26amp%3Bt%3D31554s%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%3CFONT%20color%3D%22%230066cc%22%3E08%3A45%3A54%3C%2FFONT%3E%3C%2FA%3E.1042981Z%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184448%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184448%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20use%20ADFS%20and%20don't%20syncronise%20AD%20passwords%20to%20Azure%20AD%2C%20so%20passwords%20shouldn't%20be%20stored%20in%20the%20cloud%2C%20not%20even%20hashes.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYet%20this%20tool%20reports%20that%20an%20account%20password%20is%20cracked%20when%20I%20input%20the%20known%20password%20to%20the%20list%20used%20for%20the%20brute%20force.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20my%20question%20is%20where%20is%20Microsoft%20obtaining%20the%20account%20password%20from%20to%20undertake%20a%20brute%20force%20attack%3F%20We%20were%20told%20ADFS%20means%20the%20password%20never%20leaves%20our%20on-premise%20environment.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20IMHO%20the%20most%20useful%20addition%20to%20Attack%20simulator%20would%20be%20for%20MSFT%20to%20run%20hashed%20passwords%20against%20the%20hashes%20of%20known%20passwords%20and%20report%20where%20a%20user%20has%20a%20password%20that%20is%20already%20known%20to%20be%20broken%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184342%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184342%22%20slang%3D%22en-US%22%3E%3CP%3E**bleep**%2C%20my%20article%20on%20Attack%20Simulator%20is%20scheduled%20for%20tomorrow%2C%20now%20I%20have%20to%20change%20it%20%3A)%3C%2Fimg%3E%20Congrats%20on%20GA!%20One%20of%20the%20coolest%20tools%20we've%20gotten%20in%20the%20last%20few%20months.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1533735%22%20slang%3D%22en-US%22%3ERe%3A%20GA%20of%20Attack%20Simulator%20For%20Office%20365%20Threat%20Intelligence%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1533735%22%20slang%3D%22en-US%22%3E%3CP%3EI%20wish%20Microsoft%20would%20provide%20a%20list%20of%20the%20most%20common%20passwords%20to%20run%20against%20our%20users.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎May 11 2021 01:54 PM
Updated by: