[Workshop Speakers]
Adversary Village at
DEF CON 32

Bleon Proko

Security Engineer

Bleon is passionate about information security, in particular Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP, Digital Ocean) and Hybrid Infrastructures, as well as Defense, Detection and Threat Hunting. He has presented at conferences like Black Hat and BSides on topics related to Cloud Penetration Testing and Security. His research includes Nebula, a Cloud Penetration Testing Framework (https://github.com/gl4ssesbo1/Nebula), and other write-ups, which you can find on his blog (blog.pepperclipp.com). He is also the author of the upcoming book "Deep Dive into Clouded Waters: An overview in Digital Ocean's Pentest and Security" (https://leanpub.com/deep-dive-into-clouded-waters-an-overview-in-digitaloceans-pentest-and-security).

Hands-on workshop: SimuLogger, because legally being a Threat Actor is always a win

| Aug 9th 2024 | Adversary Village Area | Las Vegas Convention Center.
Adversarial tradecraft

Cloud Penetration Testing has become a hot topic in the offensive community, as cloud-based infrastructures have slowly been taking the place that on-prem ones used to have. Securing them requires a tool to help. SimuLogger is an attack simulation tool, designed to simulate different attacks on AWS and Azure (Graph and Management API related events), as well as threat actors like GUI-vil, Scattered Spider and Legion. SimuLogger comes in two parts: a Python library of attacks called SimuLib, and a wrapper around this library which simulates the attacks. It is built to deploy the environment, simulate the attack and clean up. All of it is easily programmable and extensible, so attacks can be altered and tampered with according to the needs of the user. It is built with extensibility and simplicity in mind, allowing new attacks to be added to the library while also allowing easy modification of current scenarios. Using it, a Security Engineer can set up resources on a multi-cloud infrastructure and attack them. Each provider, service and resource is easily set up, but for cases where a certain service is not used, a port of the AWS and Azure APIs has been created, allowing direct access to and use of them.
