Is there a _good_ course on Azure forensics I can attend?
-
Is there a _good_ course on Azure forensics I can attend?
Serious question, please don't reply with "Meditation" or "Become a Monk", etc.
P.S. Please not a beginner's course, assume I've been messing around in Unix kernels since 1986 and have a pretty decent forensic skill set in civilised operating systems and networks. I just appreciate the subtleties of the VMS heritage of the NT kernel but little above it.

-
@cynicalsecurity I speak purely to it existing, not if it is good nor bad. But SANS has a cloud forensics course https://www.sans.org/cyber-security-courses/enterprise-cloud-forensics-incident-response. But as with everything SANS, it’s hideously expensive. The author’s blog and/or the SANS white paper library may contain enough nuggets for you to make progress with what you're trying to accomplish. My personal experience trying to understand Azure logs is ‘here there be dragons.’ and is over the top with dumb design decisions. Actually, the more common response is Azure going, ‘logs? lol. lmao.’
CISA also has some M365/Azure related tooling that may or may not help, https://github.com/cisagov , untitledgoose and scuba something may help point you in the right direction as well.