Sept. 19, 2023, 1:13 p.m. | SANS Digital Forensics and Incident Response

SANS Digital Forensics and Incident Response

I was fascinated when I read during the Solorigate attack that an adversary utilized Golden SAML to gain access to Azure and Office 365 cloud resources. At the time, I was developing an adversary emulation for a blue team capture the flag event and I decided I should make this a key pillar of the emulation so others could experience it. If you’re like me, you have spent some portion of your career working with events generated from on-premise systems. …

access adversary adversary emulation attack azure blue blue team capture cloud cloud resources emulation event flag golden key log office office 365 resources saml team

Business Information Security Officer

@ Metrolink | Los Angeles, CA

Cyber Security Consultant

@ Cybit | Belfast, Northern Ireland, United Kingdom

Physical Operations Specialist, AWS Security Operations Center

@ | Herndon, Virginia, USA

Product Cybersecurity Officer (m/w/div.)

@ Bosch Group | Wien, Linz oder Graz, Austria

SC2023-003098 Security Risk Consultant 1 (NS) - WED 11 Oct

@ EMW, Inc. | Braine-l'Alleud, Wallonia, Belgium

Sr Power Design Engineer (Hardware - NetSec)

@ Palo Alto Networks | Santa Clara, CA, United States