DynamicEscalate

DynamicEscalate is a blue team lab in the Cloud Forensics category. It covers the following subjects: Microsoft Sentinel, Azure Monitor, Azure AD Sign-in Logs, Azure AD Workbooks, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Lateral Movement.

Learning Objectives

Reconstruct a Microsoft Entra ID privilege escalation chain by correlating Exchange message traces, Azure AD telemetry, and unified audit logs using KQL.

Categories: Cloud Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Lateral Movement.

Tools: Microsoft Sentinel, Azure Monitor, Azure AD Sign-in Logs, Azure AD Workbooks.

Difficulty: easy.