ＨｉｄｅＺｅｒｏＯｎｅ

The course “Attacking and Defending Azure & M365” is a comprehensive training program offered by Xintra. It provides an in-depth understanding of attack techniques, detection, forensics, and mitigation strategies on Azure and Microsoft 365. The course is designed to be hands-on and includes practical labs for real-world learning. It is suitable for individuals interested in cybersecurity, particularly in the context of Azure and Microsoft 365 environments. The course is self-paced, allowing learners to progress at their own speed, and also includes live sessions for interactive learning.

Syllabus

1. Introduction
2. Overview of Azure/M365
3. Setting Up Your Environment
4. Log Analysis Using SOF-ELK
5. Reconnaissance & Enumeration
6. Initial Access Techniques
7. Credential Theft
8. Lateral Movement Techniques
9. Privilege Escalation
10. Persistence Techniques
11. Defense Evasion

Attacking and Defending Azure & M365

SEC661 is a specialized course focused on advanced exploitation techniques for ARM-based architectures. Tailored for experienced security professionals, the course delves into the intricacies of ARM assembly, reverse engineering, and vulnerability discovery. Participants will explore real-world exploitation scenarios, including stack overflows, return-oriented programming (ROP), and bypassing modern mitigation techniques like DEP and ASLR on ARM systems. With hands-on labs and detailed guidance, SEC661 prepares attendees to analyze and exploit vulnerabilities in IoT devices, mobile platforms, and embedded systems, equipping them with the skills to defend against sophisticated attacks targeting ARM-based technologies.

SEC566 provides a practical guide to implementing and auditing the Center for Internet Security (CIS) Critical Security Controls (CIS Controls). This course is designed to help organizations improve their cybersecurity posture by effectively prioritizing and deploying the CIS Controls framework. Participants will learn how to assess current security practices, identify gaps, and align them with CIS guidelines to reduce risk. The course also covers techniques for auditing the implementation of controls to ensure compliance and effectiveness. Through hands-on exercises and real-world scenarios, SEC566 equips security professionals with actionable strategies to strengthen defenses and achieve measurable improvements in cybersecurity.

SEC537 provides hands-on training in open-source intelligence (OSINT) gathering, analysis, and automation techniques. This course teaches participants how to collect actionable intelligence from publicly available sources, such as websites, social media, forums, and databases, while adhering to ethical and legal standards. Students will also explore tools and scripting methods to automate OSINT workflows, enabling efficient large-scale data collection and analysis. Real-world scenarios and exercises demonstrate how OSINT can be applied to threat intelligence, investigations, and risk assessments. SEC537 equips professionals with the skills to uncover critical information, gain insights, and enhance decision-making in cybersecurity and beyond.

SEC487 is a foundational course focused on collecting, analyzing, and leveraging publicly available information for cybersecurity, investigations, and decision-making. Participants will learn techniques to gather OSINT from various sources, including social media, public records, websites, and dark web platforms, while maintaining ethical and legal compliance. The course emphasizes manual and automated methods for identifying and interpreting critical data. Through hands-on exercises and real-world case studies, SEC487 equips students with the skills to apply OSINT in threat intelligence, vulnerability assessments, and incident response, enabling professionals to uncover valuable insights and protect against evolving threats.

SEC556 focuses on the unique security challenges posed by the growing number of Internet of Things (IoT) devices. This course teaches participants how to identify, exploit, and secure vulnerabilities in IoT devices and their supporting infrastructures. Topics include network attacks, device manipulation, weak authentication, insecure communications, and firmware analysis. Through practical labs, students will perform hands-on penetration testing on a range of IoT devices, from consumer gadgets to industrial systems. SEC556 equips professionals with the skills needed to understand IoT-specific attack vectors, develop mitigation strategies, and improve the overall security of connected ecosystems in both personal and enterprise environments.