{"product_id":"advanced-cloud-incident-response-in-azure-and-microsoft-365-korstiaan-stam-dctlv2026","title":"Advanced Cloud Incident Response in Azure and Microsoft 365 - Korstiaan Stam - DCTLV2026","description":"\u003cp dir=\"ltr\"\u003e\u003cmeta charset=\"utf-8\"\u003e\u003cstrong\u003eName of Training\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Advanced Cloud Incident Response in Azure and Microsoft 365\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eTrainer(s)\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Korstiaan Stam\u003cbr\u003e\u003c\/span\u003e\u003cspan\u003e\u003cmeta charset=\"utf-8\"\u003e \u003cstrong\u003eDates\u003c\/strong\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eAugust 10-11, 2026\u003cbr\u003e\u003cstrong\u003eTime:\u003c\/strong\u003e 8:00 am to 5:00 pm \u003cbr\u003e\u003cstrong\u003eVenue\u003c\/strong\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eLas Vegas Convention Center\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eCost\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e: \u003c\/strong\u003e$2,500\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eShort Summary:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eThis course equips you with the advanced forensic skills to confidently detect, scope, and investigate sophisticated cyber threats across Azure and Microsoft 365 environments. Through immersive hands-on labs and real-world attack simulations, you will master the analysis of cloud log artifacts to lead effective incident response investigations.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eCourse Description:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eThis hands-on two-day training offers a comprehensive guide to incident response in the Microsoft cloud, covering various topics essential for handling threats and attacks. 
The course starts with an overview of the concepts of the Microsoft cloud that are relevant for incident response. Participants will learn how to scope an incident in the Microsoft cloud and how to leverage it to set up an incident response capability. On the first day you will be immersed in the world of Azure attacks: we cover the different phases of an attack, focusing on the evidence an attack leaves and how you can identify attacks based on the available evidence. On the second day we will shift our focus to Microsoft 365. The training covers the different types of evidence available in a Microsoft 365 environment. Participants will gain an understanding of how to acquire data from a Microsoft 365 environment using multiple methods and tools, and how to parse, enrich, and analyze the Microsoft 365 Unified Audit Log (UAL). The best part of the training is that you'll apply everything you learn in hands-on labs in a CTF-like environment. Additionally, we have created two full attack scenarios in both Azure \u0026amp; M365, and in the CTF you're tasked with solving as many pieces of the puzzle as you can.\u003c\/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cmeta charset=\"utf-8\"\u003e \u003cstrong\u003eCourse Outline: \u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003eDay 1\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eCourse introduction\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAzure IR introduction\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAzure Terminology \u0026amp; Hierarchy\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eEntra ID, Users, Groups \u0026amp; Security Principals\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eEntra ID Roles\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eEntra ID Hybrid setup\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eEntra ID Security (Conditional Access \u0026amp; Identity Protection)\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eExercise 1.1 - Exploring 
Azure\u003c\/strong\u003e\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAzure \u0026amp; Entra Audit \u0026amp; Logging\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eKQL for Incident Response\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eKQL Introduction\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eNeed to know KQL commands\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAdvanced KQL\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eExercise 1.2 - KQL Querying\u003c\/strong\u003e\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eGraph API for Incident Response\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eGraph API calls for IR\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAzure Attack Techniques - Part I\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAzure Attack Overview\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eReconnaissance: Internal and External\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eInitial Access: Valid accounts, Password Attacks \u0026amp; Malicious apps\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eExercise 1.3 - Investigate Recon \u0026amp; Initial Access\u003c\/strong\u003e\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAzure Attack Techniques - Part II\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eExecution Introduction \u0026amp; Azure RunCommand\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eExecution: Virtual Machine Scripting \u0026amp; Automation accounts\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eExecution: Function app \u0026amp; Cloud Shell\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003ePrivilege Escalation: PIM \u0026amp; Elevated Access Toggle\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003ePrivilege Escalation: Azure AD applications\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003ePersistence: Account Creation \u0026amp; Network Security Group Modification\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003ePersistence: Azure Lighthouse \u0026amp; Delegated 
Administrators\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003ePersistence: Cross-Tenant Synchronization \u0026amp; Subscription Transfers\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003ePersistence: Federated options\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eExercise 1.4 - Execution, Persistence \u0026amp; Privilege Escalation\u003c\/strong\u003e\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAzure Attack Techniques - Part III\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eCredential Access: Tokens \u0026amp; Application secrets\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eCredential Access: KeyVault dumping\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eExfiltration\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAzure Attack tools\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eExercise 1.5 - Credential Access, Exfiltration\u003c\/strong\u003e\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eResponding to Azure attacks\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eIntroduction \u0026amp; NIST model\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eCloud Incident Response: Preparation\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eCloud Incident Response: Investigate \u0026amp; Contain\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eCloud Incident Response: Remediate \u0026amp; Recover\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eToken \u0026amp; Session Revocation\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAzure Incident Response tools\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003eDay 2\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eMicrosoft 365 IR introduction\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eMicrosoft 365 - Forensic artefacts\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft 365 - Course introduction\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eUnified Audit Log: Introduction \u0026amp; Advanced Auditing\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eUnified Audit Log: 
Structure\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eUnified Audit Log: Access \u0026amp; Acquisition\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMailItemsAccessed\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eEverything you need to know about the MailItemsAccessed Operation\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli style=\"font-weight: bold;\"\u003e\n\u003cstrong\u003eExercise 2.1 - Exploration of the UAL\u003c\/strong\u003e\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft 365 Email Forwarding Rules\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eForensic analysis of inbox rules\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eForensic analysis of transport rules\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eForensic analysis of the Message Trace Log (MTL)\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft 365 Attack Techniques - Part I\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft 365 Attacks Overview\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eInitial Access: Phishing\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eInitial Access: MiTM \u0026amp; AiTM attacks\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft 365 Attack Techniques - Part II\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eExecution: API calls \u0026amp; PowerShell\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003ePersistence \u0026amp; Privilege Escalation: Account manipulation\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003ePersistence \u0026amp; Privilege Escalation: Account Creation \u0026amp; MFA registration\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft 365 Attack Techniques - Part III\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eCollection \u0026amp; Exfiltration: eDiscovery \u0026amp; Content search\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eCollection \u0026amp; Exfiltration: Power Automate abuse\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eExercise 2.2 - Compromise of an email 
account\u003c\/strong\u003e\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft 365 Attack tools\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAccess Token abuse\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAccess Token abuse \u0026amp; Family Of Client IDs (FOCI)\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eExercise 2.3 - Extracting \u0026amp; Manipulating tokens (Live Lab)\u003c\/strong\u003e\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft 365 Anti-Forensic techniques\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft 365 IR Tools \u0026amp; Techniques\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft Extractor Suite\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eHawk\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eUntitled Goose Tool\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft Defender for Cloud Apps\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eExercise 2.4- Using the Microsoft Extractor Suite\u003c\/strong\u003e\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eBest practices for remediation and recovery in Microsoft 365\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eRemediation \u0026amp; Recovery - Walkthrough\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eBonus exercises:\u003cbr\u003e\n\u003cul\u003e\n\u003cli\u003eInvestigating OAuth apps\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eInvestigation of a malicious Function (Live Lab)\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eInvestigation of a suspicious automation account (Live Lab)\u003cbr\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003cli\u003eCTF Time\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAzure CTF\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMicrosoft CTF\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eBonus exercise:\u003cbr\u003e\n\u003cul\u003e\n\u003cli\u003eInvestigating OAuth applications\u003c\/li\u003e\n\u003cli\u003eInvestigation of a malicious 
Function\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eInvestigation of a suspicious Automation Account\u003cstrong\u003e\u003c\/strong\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDifficulty Level:\u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eIntermediate\/Advanced\u003c\/p\u003e\n\u003cp\u003eIntermediate - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.\u003c\/p\u003e\n\u003cp\u003eAdvanced - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eSuggested Prerequisites:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eExperience in the Microsoft cloud will prove very useful to be able to keep up. Experience with PowerShell and\/or KQL is not required but will help you to gain even more from the training. 
You must also not be afraid of the command-line interface as this will be a hands-on training and not everything will be in the GUI.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat Students Should Bring: Important: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eYou only have to bring your laptop with a browser and we will provide you with access to the cloud tenants and investigation data.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat the Trainer Will Provide:\u003c\/strong\u003e\u003cspan\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003eDigital training materials\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003eCloud Access to a training environment\u003c\/li\u003e\n\u003cli dir=\"ltr\"\u003eLab Access to a pre-configured Microsoft lab environment for the duration of the class\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eTrainer(s) Bio:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eKorstiaan Stam\u003c\/strong\u003e is the Founder and CEO of Invictus Incident Response \u0026amp; former SANS Trainer - FOR509: Cloud Forensics and Incident Response. Korstiaan is a passionate incident responder, preferably in the cloud. He developed and contributed to many open-source tools related to cloud incident response. Korstiaan has gained a lot of knowledge and skills over the years which he is keen to share.\u003c\/p\u003e\n\u003cp\u003eWay before the cloud became a hot topic, Korstiaan was already researching it from a forensics perspective. “Because I took this approach I have an advantage, because I simply spent more time in the cloud than others. 
More so, because I have my own IR consultancy company, I spent a lot of time in the cloud investigating malicious behavior, so I don’t just know one cloud platform, but I have knowledge about all of them.” That equips him to help students with the challenge of every cloud working slightly or completely differently. “If you understand the main concepts, you can then see that there’s also a similarity among all the clouds. That is why I start with the big picture in my classes and then zoom in on the details.” Korstiaan also uses real-life examples from his work to discuss challenges he’s faced with students and relate them to their day-to-day work. “To me, teaching not only means sharing my knowledge on a topic, but also applying real-life implications of that knowledge. I always try to combine the theory with the everyday practice so students can see why it’s important to understand certain concepts and how the newly found knowledge can be applied.”\u003cbr\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eProficiency Exam Option:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eThis course has the option for a proficiency certificate add-on. 
To earn the proficiency certificate, students will need to participate in the CTF challenge at the end of Day 2 and answer at least 50% of the questions across Microsoft 365 and Azure.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003ePlease reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eRegistration Terms and Conditions: \u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTrainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBetween July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll trainings are non-refundable after August 5, 2026.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTraining tickets may be transferred to another student. Please email us at training@defcon.org for specifics.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIf a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eFailure to attend the training without prior written notification will be considered a no-show. 
No refund will be given.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eDEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBy purchasing this ticket you agree to abide by the \u003c\/span\u003e\u003ca href=\"https:\/\/defcon.org\/html\/links\/dc-code-of-conduct.html\"\u003e\u003cspan\u003eDEF CON Training Code of Conduct\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e and the registration terms and conditions listed above.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eSeveral breaks will be included throughout the day. Please note that food is not included.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll courses come with a certificate of completion, contingent upon attendance at all course sessions. 
Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.\u003c\/span\u003e\u003c\/p\u003e","brand":"Las Vegas 2026","offers":[{"title":"Course only - Aug 10-11","offer_id":47697615618266,"sku":null,"price":2300.0,"currency_code":"USD","in_stock":true},{"title":"Course + Proficiency Exam - Aug 10-11","offer_id":47697615651034,"sku":null,"price":2600.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0629\/2088\/4442\/files\/KorstiaanStam.png?v=1766970753","url":"https:\/\/training.defcon.org\/products\/advanced-cloud-incident-response-in-azure-and-microsoft-365-korstiaan-stam-dctlv2026","provider":"defcontrainings","version":"1.0","type":"link"}