Detection Opportunities

Get-RoleGroup - Detecting Attacker Enumeration in Microsoft 365 Exchange with Purav Desai | EP. 7

Purav's LinkedIn

Deciphering UAL

Exchange Admin Audit Logging

Office365 Management Activity API

Connect-IPPSSession

_____________

TIMESTAMPS:

00:00 Intro

00:36 Get-RoleGroup Operation

01:37 Enumeration is not logged??

05:53 SNHU

07:22 Using the Security Compliance Center EOPCmdlet

08:54 Abusing Purview Compliance & E-Discovery

10:21 Useful Log Fields & Key Fields of note

12:48 Attack Demo

14:45 Fields to Decipher

15:51 How To Detect/Analyse

17:59 Get-RoleGroupMember

19:39 Useful Log Fields

20:30 Attack Demo

23:01 Segmentation Of Behaviors

23:57 Connect-IPPSSession

26:07 Final Thoughts

27:40 Outro
