Michael Genkin

@Drag0nR3b0rn

An opinionated geek. Willing to embrace chaos. A jack of many trades, a master of some.

Joined on Mar 19, 2019

  • AZ-500 Courses. Pluralsight - Microsoft Azure Security Technologies (AZ-500). Please note that some courses appear as "Coming Soon" on the path page but are actually already available on the site and can be accessed by using search. Udemy - AZ-500: Microsoft Azure Security Technologies. Microsoft Learn. Please note that this document is based in part on the learning paths listed below. The links to the paths themselves are provided for completeness' sake, but it's recommended to complete the different Microsoft Learn modules that are part of the paths below in the order outlined here. Learning Paths: Threat Modeling Security Fundamentals; Manage identity and access in Azure Active Directory; Implement resource management security in Azure; Implement network security in Azure
  • SDLC Overview: Threat Modelling. Introduction to Microsoft® Security Development Lifecycle (SDL) Threat Modeling. PDF: https://people.eecs.berkeley.edu/~daw/teaching/cs261-f12/hws/Introduction_to_Threat_Modeling.pdf ; SlideShare: AdamEnglander/threat-modeling-for-dummies-cascadia-php-2018
  • Bits and bytes yet left to document here: [ ] Volexity post on SAML golden ticket; [ ] Microsoft's view on the matter. Timeline (Source: A Timeline Perspective of the SolarStorm Supply-Chain Attack)
  • COVID-19 Virtual Conferences & Webinars. In addition to causing a massive movement of the workforce to working from home, the social-distancing measures required to flatten the curve are also forcing multiple infosec conferences to go all-virtual and causing a boom of webinars. This note will try to list as many of them as possible, in order to promote this great form of infosec education and make it accessible. Webinars. Past webinars (Name, Dates)
  • OSINT & Recon. Attack infrastructure is often easy to identify, appearing like a shell of a legitimate server; thus we will need to take additional steps with our infrastructure to increase the likelihood of blending in with real servers and keep our adversaries (incident responders & blue teams) away, or face the consequences of burned infrastructure (as the following tweet demonstrates). [name=Remco Verhoef (@remco_verhoef)] [time=March 12, 2019] Powershell Empire http(s) listeners have a unique signature, can be used to search on @censysio. Using \n newlines instead of \r\n, returning 200 instead of 404 and appending extra spaces for non-existing urls. List of found servers added to gist. Redteaming? https://gist.github.com/nl5887/230e10909c8369b9586db76f0b12a400 https://pic.twitter.com/t1eEdufNKt In order to make our steps at obscuring our infrastructure as efficient as possible, a thorough understanding of the tools incident responders use while hunting for red team infrastructure is required. In the following sections we'll cover various such methods and the datasets commonly used, and go over some additional cases where failing to properly obscure one's infrastructure led to the burning of the infrastructure (or even the whole operation).
  • General Linux Malware Overview: Modern Linux Malware Exposed. Research on the analysis and detection of malware has shown notable progress over the years, but mainly for malicious programs targeting Windows systems. However, the adoption of Linux-based machines (e.g. servers, desktops, IoT devices) is rapidly increasing, attracting the attention of malware writers. Linux malware poses new challenges, from its ability to target a broad choice of CPU architectures to the study of malicious techniques different from the ones seen in the Windows world. In this presentation we propose the first automatic analysis pipeline to perform large-scale analysis of Linux malware. Our system tries to avoid, or limit, the reverse engineering effort usually performed manually. For example, some analysis modules, run as parallel jobs, are in charge of performing static analysis on the binary and its ELF header. On the other hand, the modules for dynamic analysis run Linux samples in sandboxes for x86, ARM, MIPS or PPC architectures.
  • How to learn from slidedecks? Slidedecks tend to be the most condensed way to present and transfer information; they assume some (often a lot of) prior knowledge, and a presenter who supplies the narrative and the context needed to understand the deck. Thus, when trying to learn from a slidedeck, make sure you understand the big picture presented and every detail mentioned in the slides. Don't be content with just explaining it to yourself: spin up a VM and try to redo what's presented in the slides (if possible). To make your learning experience easier, this document tries to include the presentation video with each slidedeck, in addition to tutorials and reading material to fill in the required prior knowledge. To get the most out of this document, always start with the slidedeck (when available); if you don't understand it, go over the linked documents and then watch the presentation video (if not available, re-read the slidedeck). Overview