Active Directory & Cloud IAM Exploitation:
• Kerberos Golden Ticket
• AWS IAM Role Assumption
• Pass-the-Hash Attacks
• Azure AD PIM Abuse
• DCSync Domain Replication
• S3 Bucket Enumeration
• BloodHound AD Paths
• GCP Service Account Abuse

AWS Security / Azure Security / Google Cloud Security:
• IAM Access Analyzer
• Defender for Cloud
• Forseti Security
• GuardDuty Threat Detection
• PIM Conditional Access
• Security Command Center
• CloudTrail Analysis
• Sentinel ML Workbooks
• Chronicle Detection
• Config Compliance Rules
• Azure AD Identity Secure Score
Core Fundamentals (Study Focus):
• Windows Event Logs (Security 4624/4672)
• Sysmon Logging (Process Creation)
• Basic SIEM Concepts (Splunk Free/TryHackMe)
• Network Traffic Analysis (Wireshark)
• File Integrity Monitoring (OSSEC Basics)
RED TEAM: Mimikatz - Impacket - BloodHound - CrackMapExec - Rubeus - Responder - Privilege Escalation - Network Pivoting
BLUE TEAM: Splunk - Elastic - Wazuh - MITRE ATT&CK Navigator
CLOUD: AWS Security Hub - Azure Sentinel - GCP Chronicle - Terraform Cloud - IAM - CloudTrail - EC2 - VPC - GuardDuty
DFIR: Volatility3 - KAPE - Rekall - Autopsy - Sleuth Kit - FTK Forensic Toolkit
PURPLE TEAM VALIDATION:

RED TEAM LABS (Completed):
• Pass-the-Hash (Mimikatz)
• Kerberoasting (Rubeus)
• PS Remoting Abuse
• LSASS Credential Dump

BLUE TEAM LEARNING (Active):
• Windows Event ID 4624 (Logon)
• Event ID 4769 (Kerberos)
• Sysmon Process Creation
• Network Connection Logs
Full-Spectrum Cybersecurity Engineer | Attack | Defend | Hunt | Respond