Skip to main content
    CONTACT

    This site is protected by hCaptcha and the hCaptcha Privacy Policy and Terms of Service apply.
    Korstiaan Stam - Incident Response in the Microsoft Cloud $2,500 June 2025
    Korstiaan Stam - Incident Response in the Microsoft Cloud $2,500 June 2025

    Korstiaan Stam - Incident Response in the Microsoft Cloud $2,500 June 2025

    Seattle June 28th-29th Meydenbauer Center

    DESCRIPTION: This training covers both Microsoft 365 and Microsoft Azure, you’ll get hands-on experience with investigating attacks, acquisition of forensic artifacts from the cloud and digging through the relevant artifacts. Everything is related to real life threats observed against the Microsoft cloud. The trainer has real life experience with incident response and forensic investigations in the cloud, knowledge will be shared that's not available on any public resource.

    THINGS YOU’LL LEARN:

    • A complete working knowledge of Cloud infrastructure
    • The ability to investigate and respond to all cloud incidents

    LABS YOU’LL PARTICIPATE IN:

    • Exercise: Exploring the training environment
    • Exercise: Acquisition and analysis of Azure logs
    • Exercise: KQL querying
    • Exercise: Building your own Graph app for IR
    • Exercise: Investigate a cloud compromise in Azure
    • Exercise: Azure CTF
    • Exercise: Acquisition & Exploration of the UAL
    • Exercise: Investigating an espionage campaign in Microsoft 365
    • Exercise: Automated analysis of a Microsoft 365 environment
    • Exercise: Microsoft 365 CTF

    THIS COURSE IS BENEFICIAL FOR:

    • DFIR
    • Threat Hunting
    • Cloud Security

    TECHNICAL DIFFICULTY: BEGINNER/INTERMEDIATE

    STUDENT REQUIREMENTS: Experience in the Microsoft cloud will prove very useful to be able to keep up. Experience with PowerShell and/or KQL is not required but will help you to gain even more from the training. You must also not be afraid of the command-line interface as this will be a hands-on training and not everything will be in the GUI.

    WHAT SHOULD STUDENTS BRING: A laptop with 16gb of RAM.

    WHAT STUDENTS WILL BE PROVIDED WITH:

    •   Access to the cloud tenants and investigation data.

    TRAINER BIO:  Korstiaan Stam is the Founder and CEO of Invictus Incident Response & SANS Trainer - FOR509: Cloud Forensics and Incident Response.

    “To me, teaching not only means sharing my knowledge on a topic, but also applying real-life implications of that knowledge. I always try to combine the theory with the everyday practice so students can see why it’s important to understand certain concepts and how the newly founded knowledge can be applied.” 

    • 16 hours of training with a Certificate of Completion
    • Boxed lunch
    • 2 coffee breaks per day & snack

    Registration terms and conditions:
    Trainings are refundable before May 5th, 2025 the processing fee is $250.
    Trainings are non-refundable after May 16th, 2025.
    Training tickets may be transferred. Please email us for specifics.
    Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.
    By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.

    $2,500.00
    DEF CON Communications, inc.

    1100 Bellevue way NE

    8A-85

    Bellevue, WA 98004

    Powered by Shopify