New-RoleGroup - Detecting Privilege Escalation in Microsoft 365 with Purav Desai

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/8f/8b/4b/8f8b4b7c-0aef-e162-be28-476d9a9e7d36/mza_9900111694076175621.jpg/600x600bb.jpg

Detection Opportunities

CYBERWOX

9 episodes

5 days ago

Detection Opportunities is a podcast for security professionals who care about building resilient detection and response systems. Each episode explores real-world attacks, breaks down how signals become insights, and dives into the engineering mindset behind effective threat detection, investigation, and defense. Grounded in frontline experience across SIEM development, security operations, incident response, and threat hunting, this show brings a practical, systems-level lens to modern security engineering.

Technology

RSS

All content for Detection Opportunities is the property of CYBERWOX and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/43563165/43563165-1745889509474-7bb8047c5945c.jpg

New-RoleGroup - Detecting Privilege Escalation in Microsoft 365 with Purav Desai | EP. 5

Detection Opportunities

21 minutes 53 seconds

6 months ago

New-RoleGroup - Detecting Privilege Escalation in Microsoft 365 with Purav Desai | EP. 5

Learn how to decipher the Microsoft Unified Audit Log (UAL) from a Digital Forensics & Incident Response (DFIR) perspective with Purav Desai, an experienced M365/Azure Incident Responder.

⁠Purav's LinkedIn⁠

⁠Deciphering UAL⁠

⁠Learn about auditing solutions in Microsoft Purview⁠

_____________

TIMESTAMPS

00:00 Intro

00:20 Deciphering New-RoleGroup

09:06 Key Fields

10:11 Deciphering with Exchange Online PowerShell

13:42 Detection Opportunities

16:16 SIEM & Attacker Tactics

21:43 Outro