Detecting Privilege Escalation Techniques in Microsoft 365 ~ Detection Opportunities EP 5

Learn how to decipher the Microsoft Unified Audit Log (UAL) from a Digital Forensics & Incident Response (DFIR) perspective with Purav Desai, an experienced M365/Azure Incident Responder.


Purav's LinkedIn: LinkedIn: purav-da346393
Deciphering UAL: https://github.com/PuravsPoint/Deciph...



TIMESTAMPS:
00:00 Intro
00:20 Deciphering New-RoleGroup
09:06 Key Fields
10:11 Deciphering with Exchange OnlinePowershell
13:42 Detection Opportunities
16:16 SIEM & Attacker Tactics
21:43 Outro



_____________
⚙️ OTHER RESOURCES

🔹My Content Equipment, Book Recommendations & Desk Setup: https://www.amazon.com/shop/daycyberwox

_____________
⚡️JOIN CYBERWOX ACADEMY ON DISCORD!
Discord: discord
_____________
📱 LET'S CONNECT
IG: Instagram: daycyberwox​
Twitter: Twitter: DayCyberwox​
Linkedin: LinkedIn: dayspringjohnson
Tiktok: TikTok: cyberwox


Email: [email protected]

_____________
#️⃣ Relevant Hashtags
#cybersecurity #hacking #cloudcomputing #cloudsecurity #technology #tech #dallas #texas #cloud


_____________
⚠️DISCLAIMER

This video description has some affiliate links, and I may receive a small commission for purchases made through these links. Thank you for your support!

• #science_technology
• #cybersecurity
• #daycyberwox
• #cloud_security
• #threat_detection
• #dfir
• #m365
• #audit_logging
• #m365_security
• #microsoft_365
• #cybersecurity_analyst_day_in_the_life
• #exchange_admin
• #microsoft_exchange
• #microsoft_azure
• #azure_sentinel
• #incident_response
• #microsoft_incident_response
• #microsoft_threat_detection
• #microsoft_purview_compliance
• #microsoft_sentinel
• #purview_ediscovery
• #purview_audit
• #purview_compliance
• #microsoft_ediscovery
• #entra_id
• #microsoft_defender_for_office_365_mdo