Category: Cyber Security/Cloud

AZ-500 Entra ID – Role Based Access Control Lab (portal, PowerShell, bash)

source: AZ500-AzureSecurityTechnologies Exercise 1: Create the Senior Admins group with the user account Joseph Price…

SC-200 Sentinel – Privilege escalation attack – Simulation, detection and response

source: SC-200T00A-Microsoft-Security-Operations-Analyst Part 1: Run the attack. In this guide we will simulate an attacker…

SC-200 Create automation rule

In this demo we are creating an automation rule to change the severity and status…

SC-200 Collect logs from a non-Azure Linux VM host to Microsoft Sentinel using Azure Arc and the Syslog AMA

Step 1 – Install and configure rsyslog. To install rsyslog on Ubuntu, execute this from…

SC-200 Connect Windows devices to Microsoft Sentinel using data connectors

source: SC-200T00A-Microsoft-Security-Operations-Analyst Task 1: Create a Windows VM in Azure. Go to Marketplace, search for…

SC-200 Configure your Microsoft Sentinel environment

source: SC-200T00A-Microsoft-Security-Operations-Analyst Task 1: Initialize the Microsoft Sentinel Workspace. Go to the Log Analytics Workspace and…

Creating a Workbook (Dashboard) on Sentinel

Open Sentinel > Workbooks, located under the Threat management tab. Select Add…

Deploying Sentinel All In One

Sentinel All In One lets you deploy a fully fledged, ready-to-use Sentinel…

Create a Honeypot VM in Azure – pt2 Investigation using Elasticsearch

Here we will conduct an investigation of one of the attacks conducted against our previously…

Create a Honeypot VM in Azure – pt1

Create a VM with the following specifications: VM Image: Debian 11 “Bullseye” – x64 Gen2; Size: Standard_D4S_V3…