Sign up for our free Threat Hunting Summit June 17 Register Here

Breaching M365

Course Authored by .

Breaching M365

This course teaches a practical methodology for identifying Microsoft 365 usage, gaining initial access, performing post-compromise reconnaissance, abusing OAuth and application trust, establishing persistence, escalating privileges, and harvesting high-value data from cloud-based collaboration and identity platforms.

On-Demand $295.00

Course Length: 8 Hours

Includes a Certificate of Completion



Description

Breaching M365 is an offensive security training course focused on attacking Microsoft 365 and Entra ID environments. This course teaches a practical methodology for identifying Microsoft 365 usage, gaining initial access, performing post-compromise reconnaissance, abusing OAuth and application trust, establishing persistence, escalating privileges, and harvesting high-value data from cloud-based collaboration and identity platforms.

Students will learn how modern attackers abuse identity, trust, and misconfiguration in Microsoft 365 rather than relying solely on traditional malware or internal network compromise. The course emphasizes realistic tradecraft, open-source tooling, and operator-focused techniques that can be applied during penetration tests, red team operations, and security assessments of Microsoft 365 tenants.

  • Student Requirements
    • A credit card (You will be signing up for a Microsoft tenant. This service require a credit card for signing up.)
    • Check that Microsoft Azure services are available in your country. (Note that if you cannot sign up for these services you will not be able to participate in the labs)
    • Stable internet access
  • Software/Hardware Requirements
    • x86 architecture CPU clocked at 2 GHz or higher that is capable of nested virtualization (Apple Silicon is currently not supported)
    • A computer with at least 8 GB of RAM. 16 GB is recommended
    • VMWare Workstation or VMWare Fusion (VirtualBox and other VM software is not supported)
    • Windows 10/11, MacOSX+, or a currently supported Linux Distribution
    • Full Administrator/root access to your computer or laptop
    • System should also have at least 40GB of available disk space to accommodate a VM

FAQ

Key Takeaways:

  • Identify Microsoft 365 and Entra ID usage from public-facing infrastructure

  • Perform unauthenticated and authenticated reconnaissance against Microsoft 365 tenants

  • Understand Microsoft 365 authentication models and how they influence attack paths

  • Gain initial access through password attacks, phishing, and device code abuse

  • Enumerate tenant users, groups, applications, policies, and trust relationships post-compromise

  • Understand OAuth, enterprise applications, and delegated versus application permissions

  • Establish persistence through OAuth app abuse and other Microsoft 365 persistence mechanisms

  • Abuse groups, guest collaboration, and trust relationships to expand access

  • Escalate privileges through app management, service principal abuse, and related attack paths

  • Use automated tools to identify tenant weaknesses and prioritize offensive opportunities

  • Harvest high-value data from Exchange Online, SharePoint, OneDrive,
    Teams, and connected resources

About the Instructor

Pixel splash background
Bio

Beau Bullock is the Director of Emerging Threats and Advanced Testing at Black Hills Information Security (BHIS), where he leads research and offensive testing focused on cloud security, identity abuse, and emerging attack techniques. He has been with BHIS since 2014 and brings over a decade of hands-on experience in penetration testing and security research.
Beau is an active contributor to the information security community through open-source tooling, technical writing, conference talks, webcasts, and by teaching his course Breaching the Cloud, which focuses on real-world attack paths across modern cloud environments. His work emphasizes practical tradecraft, attacker mindset, and helping defenders understand how small misconfigurations lead to large-scale compromise. Beau also writes music to hack to under the name NOBANDWIDTH.

On-Demand

Antisyphon's On-Demand classes give you flexible, self-paced access to the same high-quality training our live events are known for. Whether you're diving into forensics, cloud security, or offensive tooling, each course includes:

  • Full access to video recordings, slides, and downloadable resources
  • Hands-on labs and virtual machines to reinforce real-world skills
  • Cyber Range access for immersive practice (select courses)
  • Dedicated Discord support from instructors and peers
  • Certificates of participation upon completion

Start learning when it works for you!
No deadlines, no pressure. Just real, practical cybersecurity training on your schedule.

Purchase:
Content is loading, please wait.

Related products

Shopping Cart

No products in the cart.