CoursesAttacking and Defending Azure & M365

on-demand

live

cloud

Learn to attack, defend, and mitigate real-world attacks in Azure and Microsoft 365.

The 2-day intensive course will completely demystify Microsoft cloud and leave you with the ability to replicate advanced attacks, detect APT-level threats and provide you with the knowledge to mitigate each one of the attacks. In two real-world Azure/M365 scenarios—the vulnerabilities, real world attack vectors, and defensive measures will be examined, replicated (by you) and detected (by you) during this course. Students will walk away with a comprehensive overview of the novel techniques utilized by attackers from reconnaissance through to exfiltration including mitigation techniques for each of the attacks.

Enquire here
for Private Training

On-Demand

Live/Virtual

/Course Details

Attacking and Defending Azure & M365

$1,550 USD

Buy Course

365 Day Access

111 Videos

26 Labs

16+ Hours of Content

/Course Trainer

Trainer

InverseCos (Lina)

Founder of XINTRA, Lina has worked in Incident Response for multiple years leading complex international cases covering sectors such as national defence, banking, energy, and manufacturing. Lina is a Black Hat trainer, SANS advisory board member and has presented at several international conferences and authored a book on cybersecurity. She currently holds the following certifications: GXPN, GASF, GREM, GCFA and OSCP.

@inversecos

Fig. ACourse Syllabus

01.

Introduction

Introduction/ NEWPreview

02.

Overview of Azure/M365

Module 2 Links and Resources

Updates to ENTRA ID/ NEW

Overview of Azure/M365 Lecture

03.

Setting Up Your Environment

Module 3 Links and Resources

Setting up your own environment/ NEW

04.

Log Analysis Using SOF-ELK

Module 4 Links and Resources

SOF-ELK Overview and Setup

05.

Reconnaissance & Enumeration

Module 5 Links and Resources

ATTACK - Enumerate Users and Domains

DETECT - Enumerate Users and Domains

ATTACK - Post Exploitation Reconnaissance

DETECT - Post Exploitation Reconnaissance

ATTACK - Access Packages (Insider)/ NEW

DETECT - Access Packages (Insider)/ NEW

MITIGATE - Access Packages (Insider)/ NEW

06.

Initial Access Techniques

Module 6 Links and Resources

ATTACK - Password Spraying M365

DETECT - Password Spraying M365

MITIGATE - Password Spraying M365

ATTACK - OWA Password Spraying

DETECT - OWA Password Spraying

MITIGATE - OWA Password Spraying

ATTACK - OAuth Abuse

DETECT - OAuth Abuse

MITIGATE - OAuth Abuse

ATTACK - Device Code Authentication Abuse

DETECT - Device Code Authentication Abuse

MITIGATE - Device Code Authentication Abuse

ATTACK - M365 Business Email Compromise

DETECT - M365 Business Email Compromise

MITIGATE - M365 Business Email Compromise

ATTACK - Bypassing MFA and CA/ NEW

DETECT - Bypassing MFA and CA/ NEW

MITIGATE - Bypassing MFA and CA/ NEW

07.

Credential Theft

Module 7 Links and Resources

ATTACK - Golden SAML Attack

DETECT - Golden SAML Attack

MITIGATE - Golden SAML Attack

ATTACK - Attacking Key Vaults

DETECT - Attacking Key Vaults

MITIGATE - Attacking Key Vaults

ATTACK - Skeleton Keys (PTA Abuse)

DETECT - Skeleton Keys (PTA Abuse)Preview

MITIGATE - Skeleton Keys (PTA Abuse)

ATTACK - Stealing Access Tokens from Office Apps

DETECT - Stealing Access Tokens from Office Apps

MITIGATE - Stealing Access Tokens from Office Apps

ATTACK - Extract Passwords from Automation Accounts

DETECT - Extract Passwords from Automation Accounts

MITIGATE - Extract Passwords from Automation Accounts

ATTACK - Hunting Credentials in Previous Deployment

DETECT - Hunting Credentials in Previous Deployment

08.

Lateral Movement Techniques

Module 8 Links and Resources

ATTACK - Pass the PRT

DETECT - Pass the PRT

MITIGATE - Pass the PRT/ NEW

ATTACK - Pass the Cookie

DETECT - Pass the Cookie

MITIGATE - Pass the Cookie

ATTACK - Abusing Managed Identities

DETECT - Abusing Managed Identities

MITIGATE - Abusing Managed Identities

ATTACK - Virtual Machine Abuse

DETECT - Virtual Machine Abuse

MITIGATE - Virtual Machine Abuse

ATTACK - Azure Lighthouse/ NEW

DETECT - Azure Lighthouse/ NEW

MITIGATE - Azure Lighthouse/ NEW

ATTACK - Microsoft Intune/ NEW

DETECT - Microsoft Intune/ NEW

MITIGATE - Microsoft Intune/ NEW

ATTACK - Azure Arc Custom Script Extension/ NEW

DETECT - Azure Arc Custom Script Extension/ NEW

MITIGATE - Azure Arc Custom Script Extension/ NEW

09.

Privilege Escalation

Module 9 Links and Resources

Abusing Azure AD / RBAC Roles

ATTACK - Cloud Administrator AbusePreview

DETECT - Cloud Administrator Abuse

MITIGATE - Cloud Administrator Abuse

ATTACK - User Administrator Abuse

DETECT - User Administrator Abuse

MITIGATE - User Administrator Abuse

ATTACK - Abusing Family of Client IDs/ NEW

DETECT - Abusing Family of Client IDs/ NEW

MITIGATE - Abusing Family of Client IDs/ NEW

10.

Persistence Techniques

Module 10 Links and Resources

ATTACK - AAD Federated Backdoor

DETECT - AAD Federated Backdoor

MITIGATE - AAD Federated Backdoor

ATTACK - Malicious MFA Takeover

DETECT - Malicious MFA Takeover

MITIGATE - Malicious MFA Takeover

ATTACK - Service Principal Abuse

DETECT - Service Principal Abuse

MITIGATE - Service Principal Abuse

ATTACK - Automation Account Abuse

DETECT - Automation Account Abuse

MITIGATE - Automation Account Abuse

ATTACK - Compromising Azure Blobs & Storage Accounts

DETECT - Compromising Azure Blobs & Storage Accounts

MITIGATE - Compromising Azure Blobs & Storage Accounts

ATTACK - Malicious Device Join

DETECT - Malicious Device Join

MITIGATE - Malicious Device Join

ATTACK - Directory Synchronization Accounts/ NEW

DETECT - Directory Synchronization Accounts/ NEW

MITIGATE - Directory Synchronization Accounts/ NEW

ATTACK - Cross Tenant Synchronization/ NEW

DETECT - Cross Tenant Synchronization/ NEW

MITIGATE - Cross Tenant Synchronization/ NEW

11.

Defense Evasion

Module 11 Links and Resources

ATTACK - Disabling Auditing

DETECT - Disabling Auditing

MITIGATE - Disabling Auditing

ATTACK - Spoofing Azure Sign-in Logs

DETECT - Spoofing Azure Sign-in Logs

MITIGATE - Spoofing Azure Sign-in Logs

ATTACK - Registering Fake Agents for Log Spoofing

DETECT - Registering Fake Agents for Log Spoofing

MITIGATE - Registering Fake Agents for Log Spoofing

/Frequently Asked Questions

Attacking and Defending Azure & M365

$1,550 USD

Buy Course

/More Courses

iOS Reversing & Exploitation ARM64

on-demand

offence

Advanced APT Threat Hunting & IR

on-demand

live

offence