README.html
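<!DOCTYPE html>
<!-- Sphinx / Jupyter Book (sphinx-book-theme) generated landing page for SimuLand. -->
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Welcome to SimuLand — SimuLand</title>
  <!-- Loaded before other Sphinx assets -->
  <link href="_static/styles/theme.css?digest=1999514e3f237ded88cf" rel="stylesheet">
  <link href="_static/styles/pydata-sphinx-theme.css?digest=1999514e3f237ded88cf" rel="stylesheet">
  <link rel="stylesheet" href="_static/vendor/fontawesome/5.13.0/css/all.min.css">
  <!-- Font preloads are CORS-fetched, so crossorigin is required for the preload to be reused -->
  <link rel="preload" as="font" type="font/woff2" crossorigin href="_static/vendor/fontawesome/5.13.0/webfonts/fa-solid-900.woff2">
  <link rel="preload" as="font" type="font/woff2" crossorigin href="_static/vendor/fontawesome/5.13.0/webfonts/fa-brands-400.woff2">
  <link rel="stylesheet" href="_static/pygments.css">
  <link rel="stylesheet" href="_static/styles/sphinx-book-theme.css?digest=62ba249389abaaa9ffc34bf36a076bdc1d65ee18">
  <link rel="stylesheet" href="_static/togglebutton.css">
  <link rel="stylesheet" href="_static/copybutton.css">
  <link rel="stylesheet" href="_static/mystnb.css">
  <link rel="stylesheet" href="_static/sphinx-thebe.css">
  <link rel="stylesheet" href="_static/design-style.b7bb847fb20b106c3d81b95245e65545.min.css">
  <!-- Pre-loaded scripts that we'll load fully later -->
  <link rel="preload" as="script" href="_static/scripts/pydata-sphinx-theme.js?digest=1999514e3f237ded88cf">
  <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
  <script src="_static/jquery.js"></script>
  <script src="_static/underscore.js"></script>
  <script src="_static/doctools.js"></script>
  <script src="_static/clipboard.min.js"></script>
  <script src="_static/copybutton.js"></script>
  <script src="_static/scripts/sphinx-book-theme.js?digest=f31d14ad54b65d19161ba51d4ffff3a77ae00456"></script>
  <!--
    Theme configuration is passed to the extension scripts as inline globals.
    Together with the onclick handlers in the article header, these inline
    scripts mean the page cannot be served under a Content-Security-Policy
    without 'unsafe-inline' (or per-script nonces/hashes added at build time).
  -->
  <script>let toggleHintShow = 'Click to show';</script>
  <script>let toggleHintHide = 'Click to hide';</script>
  <script>let toggleOpenOnPrint = 'true';</script>
  <script src="_static/togglebutton.js"></script>
  <script>var togglebuttonSelector = '.toggle, .admonition.dropdown, .tag_hide_input div.cell_input, .tag_hide-input div.cell_input, .tag_hide_output div.cell_output, .tag_hide-output div.cell_output, .tag_hide_cell.cell, .tag_hide-cell.cell';</script>
  <script src="_static/design-tabs.js"></script>
  <!--
    Thebe is pulled from a third-party CDN at runtime (presumably by
    sphinx-thebe.js, which reads THEBE_JS_URL). A script inserted that way
    cannot carry a Subresource Integrity hash from this document; the version
    pin in the URL and a script-src allowlist are the controls available here.
    Each declaration is kept on its own line: the original relied on
    automatic semicolon insertion, which breaks if the block is ever minified
    onto one line.
  -->
  <script>
    const THEBE_JS_URL = "https://unpkg.com/thebe@0.8.2/lib/index.js";
    const thebe_selector = ".thebe,.cell";
    const thebe_selector_input = "pre";
    const thebe_selector_output = ".output, .cell_output";
  </script>
  <script async src="_static/sphinx-thebe.js"></script>
  <link rel="canonical" href="https://simulandlabs.com/README.html">
  <link rel="index" title="Index" href="genindex.html">
  <link rel="search" title="Search" href="search.html">
  <link rel="next" title="Helper Docs" href="environments/_helper-docs/README.html">
  <meta name="docsearch:language" content="None">
  <!-- Google Analytics -->
</head>
<body data-spy="scroll" data-target="#bd-toc-nav" data-offset="60">
  <!-- Checkboxes to toggle the left sidebar (CSS-only toggle: the label's overlay drives the checkbox) -->
  <input type="checkbox" class="sidebar-toggle" name="__navigation" id="__navigation" aria-label="Toggle navigation sidebar">
  <label class="overlay overlay-navbar" for="__navigation">
    <span class="visually-hidden">Toggle navigation sidebar</span>
  </label>
  <!-- Checkboxes to toggle the in-page toc -->
  <input type="checkbox" class="sidebar-toggle" name="__page-toc" id="__page-toc" aria-label="Toggle in-page Table of Contents">
  <label class="overlay overlay-pagetoc" for="__page-toc">
    <span class="visually-hidden">Toggle in-page Table of Contents</span>
  </label>
  <!-- Headers at the top -->
  <div class="announcement header-item noprint"></div>
  <div class="header header-item noprint"></div>
  <div class="container-fluid" id="banner"></div>
  <div class="container-xl">
    <div class="row">
      <!-- Sidebar -->
      <div class="bd-sidebar noprint" id="site-navigation">
        <div class="bd-sidebar__content">
          <div class="bd-sidebar__top">
            <div class="navbar-brand-box">
              <a class="navbar-brand text-wrap" href="index.html">
                <h1 class="site-logo" id="site-title">SimuLand</h1>
              </a>
            </div>
            <!-- Search submits to the static search page via GET (?q=...) -->
            <form class="bd-search d-flex align-items-center" action="search.html" method="get">
              <i class="icon fas fa-search" aria-hidden="true"></i>
              <input type="search" class="form-control" name="q" id="search-input" placeholder="Search this book..." aria-label="Search this book..." autocomplete="off">
            </form>
            <nav class="bd-links" id="bd-docs-nav" aria-label="Main">
              <div class="bd-toc-item active">
                <p aria-level="2" class="caption" role="heading">
                  <span class="caption-text">Lab Environments</span>
                </p>
                <ul class="nav bd-sidenav">
                  <li class="toctree-l1 has-children">
                    <a class="reference internal" href="environments/_helper-docs/README.html">Helper Docs</a>
                    <!-- Collapsible sections are checkbox-driven; the checkbox carries the accessible name, the label only the icon -->
                    <input class="toctree-checkbox" id="toctree-checkbox-1" name="toctree-checkbox-1" type="checkbox" aria-label="Toggle section">
                    <label for="toctree-checkbox-1">
                      <i class="fas fa-chevron-down" aria-hidden="true"></i>
                    </label>
                    <ul>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/addDomainToM365.html">Add Domain to Microsoft 365 Tenant</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/addM365LicenseToUser.html">Add Microsoft 365 E5 License to User</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/assignAADRole.html">Assign Azure AD Role to User</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/configureAADConnectADFS.html">Configure Azure AD Connect: ADFS</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/configureAADConnectPTA.html">Configure Azure AD Connect: Pass-through Authentication</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/configureM365Defender.html">Initialize Microsoft 365 Defenders Security Products Configurations</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/connectAzVmAzBastion.html">Connect to Azure VM via Azure Bastion</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/createPrivateContainerUploadFile.html">Create an Azure Storage Account and Host a Private File in a Private Container</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/disableAzureADFederation.html">Disable Azure Active Directory (AD) Federation</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/enableMultiFactorAuthentication.html">Enable Multi-Factor Authentication</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/enableOffice365AuditLogSearch.html">Enable Office 365 Audit Log Search</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/getTrustedCASignedSSLCertificate.html">Create a Certificate Signing Request and Get a Trusted CA Signed SSL Certificate</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/m365TenantGetAzSubscription.html">Microsoft 365 Tenant: Get an Azure Subscription</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/registerAADAppAndSP.html">Register Azure AD Application and Create App Service Principal</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/_helper-docs/startM365E5Trial.html">Start Microsoft 365 E5 Trial</a>
                      </li>
                    </ul>
                  </li>
                  <li class="toctree-l1 has-children">
                    <a class="reference internal" href="environments/README.html">Lab Environments</a>
                    <input class="toctree-checkbox" id="toctree-checkbox-2" name="toctree-checkbox-2" type="checkbox" aria-label="Toggle section">
                    <label for="toctree-checkbox-2">
                      <i class="fas fa-chevron-down" aria-hidden="true"></i>
                    </label>
                    <ul>
                      <li class="toctree-l2">
                        <a class="reference internal" href="environments/aadHybridIdentityADFS/README.html">AAD Hybrid Identity: AD FS Environment</a>
                      </li>
                    </ul>
                  </li>
                </ul>
                <p aria-level="2" class="caption" role="heading">
                  <span class="caption-text">Lab Guides</span>
                </p>
                <ul class="nav bd-sidenav">
                  <li class="toctree-l1">
                    <a class="reference internal" href="labs/README.html">All Labs</a>
                  </li>
                  <li class="toctree-l1 has-children">
                    <a class="reference internal" href="labs/GoldenSAML/README.html">Golden SAML</a>
                    <input class="toctree-checkbox" id="toctree-checkbox-3" name="toctree-checkbox-3" type="checkbox" aria-label="Toggle section">
                    <label for="toctree-checkbox-3">
                      <i class="fas fa-chevron-down" aria-hidden="true"></i>
                    </label>
                    <ul>
                      <li class="toctree-l2 has-children">
                        <a class="reference internal" href="labs/GoldenSAML/simulation/export-adfs-configuration/README.html">Export AD FS Configuration</a>
                        <input class="toctree-checkbox" id="toctree-checkbox-4" name="toctree-checkbox-4" type="checkbox" aria-label="Toggle section">
                        <label for="toctree-checkbox-4">
                          <i class="fas fa-chevron-down" aria-hidden="true"></i>
                        </label>
                        <ul>
                          <li class="toctree-l3">
                            <a class="reference internal" href="labs/GoldenSAML/simulation/export-adfs-configuration/exportADFSConfigLocalNamedPipe.html">Export AD FS Configuration via a Local Named Pipe</a>
                          </li>
                          <li class="toctree-l3">
                            <a class="reference internal" href="labs/GoldenSAML/simulation/export-adfs-configuration/exportADFSConfigWCFPolicyStore.html">Export AD FS Configuration via Policy Store Transfer Service</a>
                          </li>
                          <li class="toctree-l3">
                            <a class="reference internal" href="labs/GoldenSAML/simulation/export-adfs-configuration/exportADFSConfigDotNETReflection.html">Export AD FS Configuration via .NET Reflection</a>
                          </li>
                        </ul>
                      </li>
                      <li class="toctree-l2 has-children">
                        <a class="reference internal" href="labs/GoldenSAML/simulation/export-adfs-dkm-key/README.html">Export AD FS DKM Master Key</a>
                        <input class="toctree-checkbox" id="toctree-checkbox-5" name="toctree-checkbox-5" type="checkbox" aria-label="Toggle section">
                        <label for="toctree-checkbox-5">
                          <i class="fas fa-chevron-down" aria-hidden="true"></i>
                        </label>
                        <ul>
                          <li class="toctree-l3">
                            <a class="reference internal" href="labs/GoldenSAML/simulation/export-adfs-dkm-key/exportADFSDKMKeyLDAP.html">Export AD FS DKM Master Key via LDAP Queries</a>
                          </li>
                          <li class="toctree-l3">
                            <a class="reference internal" href="labs/GoldenSAML/simulation/export-adfs-dkm-key/exportADFSDKMKeyDRS.html">Export AD FS DKM Master Key via Directory Replication Services</a>
                          </li>
                        </ul>
                      </li>
                      <li class="toctree-l2 has-children">
                        <a class="reference internal" href="labs/GoldenSAML/simulation/export-adfs-certificates/README.html">Export AD FS Certificates</a>
                        <input class="toctree-checkbox" id="toctree-checkbox-6" name="toctree-checkbox-6" type="checkbox" aria-label="Toggle section">
                        <label for="toctree-checkbox-6">
                          <i class="fas fa-chevron-down" aria-hidden="true"></i>
                        </label>
                        <ul>
                          <li class="toctree-l3">
                            <a class="reference internal" href="labs/GoldenSAML/simulation/export-adfs-certificates/exportADFSCertsDKMKey.html">Export AD FS Certificates via DKM Master Key</a>
                          </li>
                        </ul>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="labs/GoldenSAML/simulation/sign-new-samltoken/README.html">Forge SAML Tokens</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="labs/GoldenSAML/simulation/get-oauth-accesstoken/README.html">Get OAuth Access Token with SAML Assertion</a>
                      </li>
                      <li class="toctree-l2">
                        <a class="reference internal" href="labs/GoldenSAML/simulation/read-mail-messages/README.html">Read Mail Messages via MS Graph APIs</a>
                      </li>
                    </ul>
                  </li>
                </ul>
              </div>
            </nav>
          </div>
          <div class="bd-sidebar__bottom">
            <!-- To handle the deprecated key -->
            <div class="navbar_extra_footer">
              Powered by <a href="https://jupyterbook.org">Jupyter Book</a>
            </div>
          </div>
        </div>
        <div id="rtd-footer-container"></div>
      </div>
      <!-- A tiny helper pixel to detect if we've scrolled -->
      <div class="sbt-scroll-pixel-helper"></div>
      <!-- Main content -->
      <div class="col py-0 content-container">
        <div class="header-article row sticky-top noprint">
          <div class="col py-1 d-flex header-article-main">
            <div class="header-article__left">
              <label for="__navigation" class="headerbtn" data-toggle="tooltip" data-placement="right" title="Toggle navigation">
                <span class="headerbtn__icon-container">
                  <i class="fas fa-bars" aria-hidden="true"></i>
                </span>
              </label>
            </div>
            <div class="header-article__right">
              <!-- toggleFullScreen / printPdf are defined by the theme script; the inline handlers are kept because that script binds nothing itself -->
              <button type="button" onclick="toggleFullScreen()" class="headerbtn" data-toggle="tooltip" data-placement="bottom" title="Fullscreen mode" aria-label="Fullscreen mode">
                <span class="headerbtn__icon-container">
                  <i class="fas fa-expand" aria-hidden="true"></i>
                </span>
              </button>
              <div class="menu-dropdown menu-dropdown-repository-buttons">
                <button type="button" class="headerbtn menu-dropdown__trigger" aria-label="Source repositories">
                  <i class="fab fa-github" aria-hidden="true"></i>
                </button>
                <div class="menu-dropdown__content">
                  <ul>
                    <li>
                      <a href="https://github.com/Azure/SimuLand" class="headerbtn" data-toggle="tooltip" data-placement="left" title="Source repository">
                        <span class="headerbtn__icon-container">
                          <i class="fab fa-github" aria-hidden="true"></i>
                        </span>
                        <span class="headerbtn__text-container">repository</span>
                      </a>
                    </li>
                    <li>
                      <!-- Pre-filled issue link; "&" in the query string is escaped as &amp; so the attribute is valid HTML -->
                      <a href="https://github.com/Azure/SimuLand/issues/new?title=Issue%20on%20page%20%2FREADME.html&amp;body=Your%20issue%20content%20here." class="headerbtn" data-toggle="tooltip" data-placement="left" title="Open an issue">
                        <span class="headerbtn__icon-container">
                          <i class="fas fa-lightbulb" aria-hidden="true"></i>
                        </span>
                        <span class="headerbtn__text-container">open issue</span>
                      </a>
                    </li>
                  </ul>
                </div>
              </div>
              <div class="menu-dropdown menu-dropdown-download-buttons">
                <button type="button" class="headerbtn menu-dropdown__trigger" aria-label="Download this page">
                  <i class="fas fa-download" aria-hidden="true"></i>
                </button>
                <div class="menu-dropdown__content">
                  <ul>
                    <li>
                      <a href="_sources/README.md" class="headerbtn" data-toggle="tooltip" data-placement="left" title="Download source file">
                        <span class="headerbtn__icon-container">
                          <i class="fas fa-file" aria-hidden="true"></i>
                        </span>
                        <span class="headerbtn__text-container">.md</span>
                      </a>
                    </li>
                    <li>
                      <button type="button" onclick="printPdf(this)" class="headerbtn" data-toggle="tooltip" data-placement="left" title="Print to PDF" aria-label="Print to PDF">
                        <span class="headerbtn__icon-container">
                          <i class="fas fa-file-pdf" aria-hidden="true"></i>
                        </span>
                        <span class="headerbtn__text-container">.pdf</span>
                      </button>
                    </li>
                  </ul>
                </div>
              </div>
              <label for="__page-toc" class="headerbtn headerbtn-page-toc">
                <span class="headerbtn__icon-container">
                  <i class="fas fa-list" aria-hidden="true"></i>
                </span>
              </label>
            </div>
          </div>
          <!-- Table of contents -->
          <div class="col-md-3 bd-toc show noprint">
            <div class="tocsection onthispage pt-5 pb-3">
              <i class="fas fa-list" aria-hidden="true"></i> Contents
            </div>
            <nav id="bd-toc-nav" aria-label="Page">
              <ul class="visible nav section-nav flex-column">
                <li class="toc-h2 nav-item toc-entry">
                  <a class="reference internal nav-link" href="#about">About</a>
                </li>
                <li class="toc-h2 nav-item toc-entry">
                  <a class="reference internal nav-link" href="#purpose">Purpose</a>
                </li>
                <li class="toc-h2 nav-item toc-entry">
                  <a class="reference internal nav-link" href="#structure">Structure</a>
                  <ul class="nav section-nav flex-column"></ul>
                </li>
              </ul>
            </nav>
          </div>
        </div>
        <div class="article row">
          <div class="col pl-md-3 pl-lg-5 content-container">
            <!-- Table of contents that is only displayed when printing the page -->
            <div id="jb-print-docs-body" class="onlyprint">
              <h1>Welcome to SimuLand</h1>
              <!-- Table of contents -->
              <div id="print-main-content">
                <div id="jb-print-toc">
                  <div>
                    <h2>Contents</h2>
                  </div>
                  <nav aria-label="Page">
                    <ul class="visible nav section-nav flex-column">
                      <li class="toc-h2 nav-item toc-entry">
                        <a class="reference internal nav-link" href="#about">About</a>
                      </li>
                      <li class="toc-h2 nav-item toc-entry">
                        <a class="reference internal nav-link" href="#purpose">Purpose</a>
                      </li>
                      <li class="toc-h2 nav-item toc-entry">
                        <a class="reference internal nav-link" href="#structure">Structure</a>
                        <ul class="nav section-nav flex-column"></ul>
                      </li>
                    </ul>
                  </nav>
                </div>
              </div>
            </div>
            <main id="main-content" role="main">
              <div>
                <div class="tex2jax_ignore mathjax_ignore section" id="welcome-to-simuland">
                  <h1>Welcome to SimuLand<a class="headerlink" href="#welcome-to-simuland" title="Permalink to this headline">#</a></h1>
                  <blockquote>
                    <div><p>See the <a class="reference external" href="https://www.microsoft.com/security/blog/2021/05/20/simuland-understand-adversary-tradecraft-and-improve-detection-strategies/">announcement</a> on the Microsoft Security Blog.</p></div>
                  </blockquote>
                  <!-- Bootstrap utility class replaces the obsolete align="center" attribute -->
                  <p class="text-center">
                    <a href="#about">About</a> •
                    <a href="#purpose">Purpose</a> •
                    <a href="#structure">Structure</a> •
                    <a href="#labs">Labs</a> •
                    <a href="#contributing">Contributing</a> •
                    <a href="#trademarks">Trademarks</a>
                  </p>
                  <hr class="docutils">
                  <div class="section" id="about">
                    <h2>About<a class="headerlink" href="#about" title="Permalink to this headline">#</a></h2>
                    <p>SimuLand is an open-source initiative by Microsoft to help security researchers around the world deploy lab environments that reproduce well-known techniques used in real attack scenarios, actively test and verify effectiveness of related Microsoft 365 Defender, Azure Defender and Microsoft Sentinel detections, and extend threat research using telemetry and forensic artifacts generated after each simulation exercise.</p>
                    <p>These lab environments will provide use cases from a variety of data sources including telemetry from Microsoft 365 Defender security products, Azure Defender and other integrated data sources through <a class="reference external" href="https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources#data-connection-methods">Microsoft Sentinel data connectors</a>.</p>
                  </div>
                  <div class="section" id="purpose">
                    <h2>Purpose<a class="headerlink" href="#purpose" title="Permalink to this headline">#</a></h2>
                    <p>As we build out the SimuLand framework and start populating lab environments, we will be working under the following basic principles:</p>
                    <ul class="simple">
                      <li><p>Understand the underlying behavior and functionality of adversary tradecraft</p></li>
                      <li><p>Identify mitigations and attacker paths by documenting preconditions for each attacker action</p></li>
                      <li><p>Expedite the design and deployment of threat research lab environments</p></li>
                      <li><p>Stay up-to-date with the latest techniques and tools used by real threat actors</p></li>
                      <li><p>Identify, document, and share relevant data sources to model and detect adversary actions</p></li>
                      <li><p>Validate and tune detection capabilities</p></li>
                    </ul>
                  </div>
                  <div class="section" id="structure">
                    <h2>Structure<a class="headerlink" href="#structure" title="Permalink to this headline">#</a></h2>
                    <table class="colwidths-auto table">
                      <thead>
                        <tr class="row-odd">
                          <th class="head" scope="col"><p>Folder</p></th>
                          <th class="head" scope="col"><p>Description</p></th>
                        </tr>
                      </thead>
                      <tbody>
                        <tr class="row-even">
                          <td><p><a class="reference internal" href="environments/README.html"><span class="doc std std-doc">Lab Environments</span></a></p></td>
                          <td><p>Azure Resource Manager (ARM) Templates and documents to deploy lab environments. Some environments contributed through this initiative require at least a Microsoft 365 E5 license (paid or trial) and an Azure tenant. Depending on the lab guide being worked on, the design of the network environments might change a little. While some labs would replicate a hybrid cross-domain environment (on-prem -> Cloud), others would focus only on resources in the cloud.</p></td>
                        </tr>
                        <tr class="row-odd">
                          <td><p><a class="reference internal" href="labs/README.html"><span class="doc std std-doc">Lab Guides</span></a></p></td>
                          <td><p>Step-by-step lab guides summarizing simulation scenarios. From a defensive perspective, simulation steps are also mapped to detection queries and alerts from Microsoft 365 Defender, Azure Defender, and Microsoft Sentinel. We believe this would help guide some of the extended threat research generated from the simulation exercise.</p></td>
                        </tr>
                      </tbody>
                    </table>
                    <div class="toctree-wrapper compound">
                      <p aria-level="2" class="caption" role="heading"><span class="caption-text">Lab Environments</span></p>
                      <ul>
                        <li class="toctree-l1"><a class="reference internal" href="environments/_helper-docs/README.html">Helper Docs</a></li>
                        <li class="toctree-l1"><a class="reference internal" href="environments/README.html">Lab Environments</a></li>
                      </ul>
                    </div>
                    <div class="toctree-wrapper compound">
                      <p aria-level="2" class="caption" role="heading"><span class="caption-text">Lab Guides</span></p>
                      <ul>
                        <li class="toctree-l1"><a class="reference internal" href="labs/README.html">All Labs</a></li>
                        <li class="toctree-l1"><a class="reference internal" href="labs/GoldenSAML/README.html">Golden SAML</a></li>
                      </ul>
                    </div>
                  </div>
                </div>
                <!-- Thebe configuration (read by the thebe loader, not executed as JavaScript) -->
                <script type="text/x-thebe-config">
                  {
                    requestKernel: true,
                    binderOptions: {
                      repo: "binder-examples/jupyter-stacks-datascience",
                      ref: "master",
                    },
                    codeMirrorConfig: {
                      theme: "abcdef",
                      mode: "python"
                    },
                    kernelOptions: {
                      kernelName: "python3",
                      path: "./."
                    },
                    predefinedOutput: true
                  }
                </script>
                <script>kernelName = 'python3'</script>
              </div>
            </main>
            <footer class="footer-article noprint">
              <!-- Previous / next buttons -->
              <div class="prev-next-area">
                <a class="right-next" id="next-link" href="environments/_helper-docs/README.html" title="next page">
                  <div class="prev-next-info">
                    <p class="prev-next-subtitle">next</p>
                    <p class="prev-next-title">Helper Docs</p>
                  </div>
                  <i class="fas fa-angle-right" aria-hidden="true"></i>
                </a>
              </div>
            </footer>
          </div>
        </div>
        <div class="footer-content row">
          <footer class="col footer">
            <p>
              By Microsoft Corporation<br>
              © Copyright 2022.<br>
            </p>
          </footer>
        </div>
      </div>
    </div>
  </div>
  <!-- Scripts loaded after <body> so the DOM is not blocked -->
  <script src="_static/scripts/pydata-sphinx-theme.js?digest=1999514e3f237ded88cf"></script>
</body>
</html>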