inksec
Has successfully completed 🎉
Shadow Token Symphony - APT29 Lab
InfiniteTechSolutions recently experienced suspicious activity in their Azure environment. Using Microsoft Sentinel, the security team detected unusual login patterns, unauthorized service installations, and anomalous API calls targeting their Microsoft Graph endpoint. Multiple user accounts appear to have been compromised, and there are signs of privilege escalation and persistent access mechanisms being established. The incident occurred in July 2025, with activity spanning various systems, including workstations and cloud services. Your objective is to use Microsoft Sentinel to analyze the provided logs, identifying the attack timeline, compromised accounts, malicious activities, and persistence mechanisms used by the attacker.

📝 Important Note: Please...