Shadow Token Symphony - APT29

Shadow Token Symphony - APT29 is a blue team lab in the Cloud Forensics category. It covers Microsoft Sentinel and the following MITRE ATT&CK tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement.

Learning Objectives

Synthesize KQL findings across Windows events and Azure logs in Microsoft Sentinel to reconstruct a multi-stage APT29 cloud attack, identifying the persistence mechanisms used and the data exfiltration that followed.

Categories: Cloud Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement.

Tools: Microsoft Sentinel.

Difficulty: medium.