Detection Opportunities
CYBERWOX
9 episodes
5 days ago
Detection Opportunities is a podcast for security professionals who care about building resilient detection and response systems. Each episode explores real-world attacks, breaks down how signals become insights, and dives into the engineering mindset behind effective threat detection, investigation, and defense. Grounded in frontline experience across SIEM development, security operations, incident response, and threat hunting, this show brings a practical, systems-level lens to modern security engineering.
Technology
All content for Detection Opportunities is the property of CYBERWOX and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Get-RoleGroup - Detecting Attacker Enumeration in Microsoft 365 Exchange with Purav Desai | EP. 7
Detection Opportunities
27 minutes 52 seconds
6 months ago

Visit my sponsor to view the current average annual salary for a Cybersecurity degree and learn how to get started.

Purav's LinkedIn

Deciphering UAL

Exchange Admin Audit Logging

Office365 Management Activity API

Connect-IPPSSession



_____________

TIMESTAMPS:

00:00 Intro

00:36 Get-RoleGroup Operation

01:37 Enumeration is not logged??

05:53 SNHU

07:22 Using the Security Compliance Center EOPCmdlet

08:54 Abusing Purview Compliance & E-Discovery

10:21 Useful Log Fields & Key Fields of note

12:48 Attack Demo

14:45 Fields to Decipher

15:51 How To Detect/Analyse

17:59 Get-RoleGroupMember

19:39 Useful Log Fields

20:30 Attack Demo

23:01 Segmentation Of Behaviors

23:57 Connect-IPPSSession

26:07 Final Thoughts

27:40 Outro



Email: day@cyberwox.com



_____________

⚠️DISCLAIMER

This description has some affiliate links, and I may receive a small commission for purchases made through these links. I appreciate your support!
