Course

365SEC

Offensive and Defensive Security of Microsoft 365 («365SEC»)

The course allows you to look at cloud security from both sides: attacker and defender. Understanding how attackers act and think allows you to build a much better defense.
Vendor code

365SEC

Duration 3 days
Price 2'950.–

Course facts

  • Knowing how a kill chain can be executed by attackers
  • Knowing how defenders use the MITRE ATT&CK framework
  • Knowing how traditional security solutions may fail to prevent sophisticated attacks
  • Configuring Defender for Office 365 capabilities to protect users against threats
  • Deploying Defender for Endpoint to devices and protecting them against malware and ransomware
  • Deploying Defender for Identity to an on-premises Active Directory to protect it from threats against identities, such as golden ticket and domain dominance
  • Investigating security incidents using Microsoft 365 Defender

Module 1 – Navigating the Battlefield: Leveraging MITRE ATT&CK® Tactics
Execution of a complete kill chain from Reconnaissance to Exfiltration, with elevation to domain dominance privileges. Demonstration of attacker behavior to understand how to prevent or investigate cyberattacks.

Module 2 – Defense Evasion
While defenders implement security features, attackers learn to bypass them. Defenders should also learn evasion techniques to keep up with attackers.

Get insights into Windows 10 and 11 security bypasses for features such as Defender antivirus, AppLocker, PowerShell AMSI and ASR rules. Cloud security features like Microsoft Defender for Office will also be explored.

Module 3 – Prevention and Detection with Microsoft 365 Defender
Protect your modern workplace from modern attacks with Microsoft 365 Defender.

  • Policies to prevent phishing attacks
  • Detect and prevent lateral movement
  • Investigation with Microsoft 365 Defender

Module 4 – Ransomware Protection
Ransomware has caused a lot of damage to companies of all sizes. While defenders improve their detection methods, attackers learn as well. The goal of defenders is to be one step ahead.

  • Configure ASR rules that prevent ransomware
  • Configure Controlled Folder Access to protect data
  • Configure user data recovery
  • Third-party solutions for tenant recovery

Hands-on Labs
The course is accompanied by labs that will allow students to test some cyberattacks and protection against them:

  • LAB 1: Go phishing with Microsoft Defender for Office 365
  • LAB 2: Deploying Microsoft Defender for Identity and Endpoint
  • LAB 3: Put on a gray hat and simulate attacks
  • LAB 4: Deploying ASR rules
  • LAB 5: Deploying Controlled Folder Access
  • LAB 6: Hardening AppLocker to prevent bypass

This training includes demo-based lectures and hands-on labs.

Security analysts, security engineers, penetration testers

Experience with Microsoft 365, Azure cloud services as well as Windows and Linux operating systems

About the instructor:

Sergey Chubarov is a Security and Cloud Expert and Instructor with 15+ years' experience with Microsoft technologies. His day-to-day job is to help companies securely embrace cloud technologies.

He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, eCPTX, Microsoft Certified Trainer, MCT Regional Lead, EC Council CEH, CPENT, LPT, CCSE, CEI, CREST CPSA, CRT and more.

Sergey is a frequent speaker at local and international conferences like Global Azure, DEF CON, Black Hat Europe, Wild West Hackin' Fest, Security BSides, Workplace Ninja, Midwest Management Summit, Hack in the Box, Hack in Paris etc. He prefers live demos and cyberattack simulations.
