BECs and Beyond - Investigating and Defending Office 365

0xdade via YouTube

Overview

Explore the evolving landscape of cloud security in this 49-minute conference talk focusing on Microsoft Office 365. Analyze two real-world attack case studies targeting Office 365, examining the tactics, techniques, and procedures (TTPs) of financially and information-motivated threat actors. Learn how to optimize Office 365 for investigations, understand available log sources and their limitations, and discover recommendations for enhancing Office 365 security. Gain insights from Douglas Bienstock, a Mandiant professional experienced in Incident Response and Red Team work, as he shares lessons learned from investigations to help organizations stay ahead of cyber threats.

Syllabus

Intro
Roadmap
Introduction
Modern vs Legacy Authentication
Core Logs
Unified Audit Log
Mailbox Audit Log
Admin Audit Logs
Remain undetected
Find the rules!
Change banking information
Attacker logs in
Access other Mailboxes
Azure AD PowerShell
OAuth Abuse
Exchange Online message read auditing
Exchange Online Sessions
What did we learn?

Taught by

0xdade
