Rogue Azure is a blue team lab in the Cloud Forensics category. It covers the following subjects: Microsoft Sentinel, Azure Monitor, KQL Query Editor, Azure AD Sign-in Logs, Initial Access, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration.
Learning Objectives
Reconstruct a multi-stage Azure attack timeline by analyzing Entra ID sign-in, Audit, and Storage Blob logs with Kusto Query Language (KQL) to identify initial access, persistence, privilege escalation, and data exfiltration.