Cloud

I would like to thank FDCA for the great fund that allowed me to take this certification. I picked up 30 days of lab access along with the required course material. Back in 2023, I did the CRTP from Altered Security, which is fully focused on on-prem Active Directory. Time has passed, and I figured it was time to dive into Azure. CARTP was a natural next step. For context, I work professionally with Azure every day, so most of the core concepts weren’t new. What was new to me was how to abuse it. Earlier this year, I took the GIAC GCFR, so I was already pretty comfortable with investigating cloud environments, including Azure. ...

Most attackers don’t walk into your tenant and announce themselves. They quietly blend into normal logins and API calls, making life annoying for incident responders. Until now, tracing what happened during a single session across Microsoft 365 was slow, messy, and filled with guesswork. If you have ever worked an AiTM phishing case, you know the pain. The attacker steals a token, skips MFA, and suddenly starts pulling emails and good luck figuring out which login that activity actually came from. ...