Course

Offensive and Defensive Security of Microsoft 365 («365SEC»)

The course allows you to look at cloud security from both sides: attacker and defender. Understanding how attackers act and think allows you to build a much better defense.

Duration 3 days

Price 2'950.–

Add to watch List

Course facts

Key Learnings

Knowing how killchain can be executed by attackers
Using MITRE ATT&CK framework by defenders
Knowing how traditional security solutions may fail to prevent sophisticated attacks
Configuring Defender for Office 365 capabilities to protect users against threats
Deploying Defender for Endpoint to devices and protecting them against malware and ransomware
Deploying Defender for Identity to an on-premises Active Directory to protect it from threats against identities, such as golden ticket and domain dominance
Investigating security incidents using the Microsoft 365 Defender

Content

Module 1 – Navigating the Battlefield: Leveraging MITRE ATT&CK^® Tactics
Execution of complete kill chain from Reconnaissance to Exfiltration with elevation to domain dominance privileges. Demonstration of attacker behavior to understand how to prevent or investigate cyberattacks.

Module 2 – Defense Evasion
While defenders implement security features, attackers learn to bypass them. Defenders should also learn evasion techniques to keep up with attackers.

Get insights on Windows 10 and 11 security bypasses like: Defender antivirus, Applocker, PowerShell AMSI, ASR rules etc. Furthermore, cloud security features like Microsoft Defender for Office will also be explored

Module 3 – Prevention and Detection with Microsoft 365 Defender
Protect your modern workplace from modern attacks with Microsoft 365 Defender.

Policies to prevent phishing attacks
Detect and prevent lateral movement
Investigation with Microsoft 365 Defender

Module 4 – Ransomware Protection
Ransomware has caused a lot of damage to companies of all sizes. While defenders improve their detection methods, attackers learn as well. The goal of defenders is to be one step ahead.

Configure ASR rules that prevent ransomware
Configure Controlled Folder Access to protect data
Configure user data recovery
Third-party solutions for tenant recovery

Hands-on Labs
The course is accompanied by labs that will allow students to test some cyberattacks and protection against them:

LAB 1: Go phishing with Microsoft Defender for Office 365
LAB 2: Deploying Microsoft Defender for Identity and Endpoint
LAB 3: Put on a gray hat and simulate attacks
LAB 4: Deploying ASR rules
LAB 5: Deploying Controlled Folder Access
LAB 6: Hardening Applocker to prevent bypass

Methodology & didactics

This training includes demo-based lectures and hands-on labs

Target audience

Security analysts, security engineers, penetration testers

Requirements

Experience with Microsoft 365, Azure cloud services as well as Windows and Linux operating systems

Additional information

About the instructor:

Sergey Chubarov is a Security and Cloud Expert, Instructor with 15+ years' experience on Microsoft technologies. His day-to-day job is to help companies securely embrace cloud technologies.

He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, eCPTX, Microsoft Certified Trainer, MCT Regional Lead, EC Council CEH, CPENT, LPT, CCSE, CEI, CREST CPSA, CRT and more.

Sergey is a frequent speaker at local and international conferences like Global Azure, DEF CON, Black Hat Europe, Wild West Hackin' Fest, Security BSides, Workplace Ninja, Midwest Management Summit, Hack in the Box, Hack in Paris etc. He prefers live demos and cyberattacks simulations.

Download

Download course details as PDF

Questions

Any questions?

I would like to book this course as a company course

Choose your date

Lernen Sie Ihre Trainer kennen

Sergey Chubarov

Trainer

Sergey Chubarov is a Security and Cloud Expert, Instructor with 15+ years of experience on Microsoft technologies. His day-to-day job is to help compa...