SharePoint Online Monitoring

To access material, start machines and answer questions login.

SharePoint Online is one of the most targeted M365 services, as it often stores sensitive files and can be used to propagate the attack. This room will explore the most common attack scenarios on SharePoint Online and explain how to monitor for them as a team.

Learning Objectives

Learn Entra ID and SharePoint audit log formats
Explore how attackers exfiltrate data from SharePoint
Discover how SharePoint can become an attack tool
Practice the learned topics through an attack scenario

Prerequisites

Lab Access

Start the lab by clicking the Start Machine button below. You will then have access to the Web Interface. Please wait 4-5 minutes for the instance to launch. To access , follow this link:

https://LAB_WEB_URL.p.thmlabs.com (opens in new tab)

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting the Target Machine, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.

Target machine

Status:Off

Answer the questions below

Start the VM and let's go!

SharePoint Online Monitoring

Task 1IntroductionTask includes a deployable machine

Learning Objectives

Prerequisites

Lab Access

Set up your virtual environment

Task 2SharePoint OverviewPremium

Task 3SharePoint LoggingPremium

Task 4Detecting Data ExfiltrationPremium

Task 5Detecting SharePoint AbusePremium

Task 6Real-World ScenarioPremium

Task 7ConclusionPremium

Ready to learn Cyber Security?