Day 2: Attack, detect, and investigate

During Day 2 of this lab, you’ll execute, detect, and investigate attacks. You’ll learn to manage and respond to security alerts using Microsoft Defender for Identity, and to identify the alert types triggered by specific attack behaviors. You’ll use Defender for Identity to access and analyze threat intelligence data, and the lab explores how that data maps to the MITRE ATT&CK framework.

The tasks you’ll perform on the second day include:

  • Execute, detect, and investigate Reconnaissance and discovery attacks.
  • Execute, detect, and investigate Persistence and privilege escalation attacks.
  • Execute, detect, and investigate Credential access attacks.
  • Execute, detect, and investigate Lateral movement attacks.
  • Execute, detect, and investigate other types of attacks.

To successfully test the Defender for Identity detections and simulate attack scenarios, you’ll need a test environment configured with enough of a footprint to showcase the attack scenarios.

Estimated time to complete Day 2: 120 Minutes

Exercise 1: Lab configuration

The bulk of the configuration was completed during Day 1. Some additional configuration is required to perform the attack scenarios.
