This course teaches a practical methodology for identifying Microsoft 365 usage, gaining initial access, performing post-compromise reconnaissance, abusing OAuth and application trust, establishing persistence, escalating privileges, and harvesting high-value data from cloud-based collaboration and identity platforms.
Breaching M365 is an offensive security training course focused on attacking Microsoft 365 and Entra ID environments. This course teaches a practical methodology for identifying Microsoft 365 usage, gaining initial access, performing post-compromise reconnaissance, abusing OAuth and application trust, establishing persistence, escalating privileges, and harvesting high-value data from cloud-based collaboration and identity platforms.
Students will learn how modern attackers abuse identity, trust, and misconfiguration in Microsoft 365 rather than relying solely on traditional malware or internal network compromise. The course emphasizes realistic tradecraft, open-source tooling, and operator-focused techniques that can be applied during penetration tests, red team operations, and security assessments of Microsoft 365 tenants.
Student Requirements
A credit card (You will be signing up for a Microsoft tenant. This service require a credit card for signing up.)
Check that Microsoft Azure services are available in your country. (Note that if you cannot sign up for these services you will not be able to participate in the labs)
Stable internet access
Software/Hardware Requirements
x86 architecture CPU clocked at 2 GHz or higher that is capable of nested virtualization (Apple Silicon is currently not supported)
A computer with at least 8 GB of RAM. 16 GB is recommended
VMWare Workstation or VMWare Fusion (VirtualBox and other VM software is not supported)
Windows 10/11, MacOSX+, or a currently supported Linux Distribution
Full Administrator/root access to your computer or laptop
System should also have at least 40GB of available disk space to accommodate a VM
Beau Bullock is the Director of Emerging Threats and Advanced Testing at Black Hills Information Security (BHIS), where he leads research and offensive testing focused on cloud security, identity abuse, and emerging attack techniques. He has been with BHIS since 2014 and brings over a decade of hands-on experience in penetration testing and security research.
Beau is an active contributor to the information security community through open-source tooling, technical writing, conference talks, webcasts, and by teaching his course Breaching the Cloud, which focuses on real-world attack paths across modern cloud environments. His work emphasizes practical tradecraft, attacker mindset, and helping defenders understand how small misconfigurations lead to large-scale compromise. Beau also writes music to hack to under the name NOBANDWIDTH.
Register for Upcoming
Breaching M365
On-Demand
Beau Bullock
Attention: This is not a phish!
Antisyphon Training accounts have moved to learning.antisyphontraining.com. Training purchases will now be directed to that site. You can trust us.