AzureSpray

AzureSpray is a blue team lab in the Cloud Forensics category. It is built around Microsoft Sentinel, Azure Monitor, the KQL Query Editor, Azure AD Sign-in Logs, Identity Protection and Azure AD Workbooks, and maps to the ATT&CK tactics Initial Access, Persistence, Privilege Escalation, Defense Evasion, Credential Access and Discovery.

Learning Objectives

Master the detection, investigation and remediation of password spray attacks against Azure AD: analyze sign-in logs with KQL queries to recognize the spray pattern and identify the accounts that were actually compromised, turn that logic into Microsoft Sentinel analytics rules for automated detection, and apply security controls (Smart Lockout, Conditional Access policies and an incident response playbook) to protect against credential-based attacks.
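As an added example of the kind of KQL hunt the objective describes (this is not the lab's own query or solution), the following runs against the Microsoft Sentinel SigninLogs table and looks for the password spray signature: one source IP producing failed sign-ins for many distinct accounts with only a few attempts per account, then checks whether any sign-in from those IPs succeeded. It assumes the Azure AD sign-in logs are connected to the workspace, that ResultType "50126" is the "invalid username or password" error and "0" is success; the lookback, bin size and thresholds are illustrative and should be tuned to the tenant's baseline.

```kql
// Added example for password spray hunting, not part of the AzureSpray lab material.
// Assumes the Sentinel SigninLogs table (Azure AD sign-in logs) is populated.
// Thresholds below are assumptions chosen for illustration; tune them per tenant.
let lookback = 1h;
let window = 10m;
let min_distinct_users = 10;   // assumed: a spray hits many accounts from one source
let max_attempts_per_user = 3; // assumed: a spray tries few passwords per account
// Step 1: per source IP and time window, count failed (bad password) sign-ins
// and how many distinct accounts they were spread across.
let spray_candidates =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "50126"          // invalid username or password
    | summarize
        FailedAttempts = count(),
        DistinctUsers = dcount(UserPrincipalName),
        SampleUsers = make_set(UserPrincipalName, 10),
        Apps = make_set(AppDisplayName, 5),
        UserAgents = make_set(UserAgent, 5),
        StartTime = min(TimeGenerated),
        EndTime = max(TimeGenerated)
        by IPAddress, Window = bin(TimeGenerated, window)
    | extend AttemptsPerUser = todouble(FailedAttempts) / DistinctUsers
    // Many accounts, few attempts each: the spray profile rather than brute force.
    | where DistinctUsers >= min_distinct_users
        and AttemptsPerUser <= max_attempts_per_user;
// Step 2: the IPs flagged above.
let spray_ips =
    spray_candidates
    | distinct IPAddress;
// Step 3: any successful sign-in from a spraying IP is a probable compromise.
// AuthenticationRequirement shows whether MFA was enforced on that success.
let compromised =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"              // success
    | where IPAddress in (spray_ips)
    | summarize
        SuccessfulLogons = count(),
        CompromisedUsers = make_set(UserPrincipalName, 20),
        AuthRequirements = make_set(AuthenticationRequirement, 5),
        CAStatus = make_set(ConditionalAccessStatus, 5)
        by IPAddress;
// Step 4: join the spray evidence with the compromise check, one row per source IP.
spray_candidates
| summarize
    Windows = count(),
    TotalFailedAttempts = sum(FailedAttempts),
    DistinctUsersTargeted = dcount(tostring(SampleUsers)),
    FirstSeen = min(StartTime),
    LastSeen = max(EndTime),
    Apps = make_set(Apps, 5),
    UserAgents = make_set(UserAgents, 5)
    by IPAddress
| join kind=leftouter compromised on IPAddress
| project-away IPAddress1
| extend SuccessfulLogons = coalesce(SuccessfulLogons, 0)
| order by SuccessfulLogons desc, TotalFailedAttempts desc
```

The same query body, minus the `ago(lookback)` filter, is what you would paste into a Sentinel scheduled analytics rule with the lookback set in the rule's query period; the `SuccessfulLogons` column is the field to raise severity on, since a spray with no successes is a control-validation event while a spray followed by a success from the same IP is an active incident that warrants the response playbook.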

Categories: Cloud Forensics.

MITRE ATT&CK Tactics: Initial Access, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery.

Tools: Microsoft Sentinel, Azure Monitor, KQL Query Editor, Azure AD Sign-in Logs, Identity Protection, Azure AD Workbooks.

Difficulty: medium.