Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Learn how threat actors maintain persistent access in Microsoft 365 environments through this 24-minute conference talk from the SANS DFIR Summit 2025. Explore real-world persistence techniques used in actual Microsoft 365 incidents, ranging from basic inbox rules to sophisticated methods like domain federation abuse. Discover how attackers leverage Self-Service Password Reset (SSPR) to regain account access after password changes and session resets, and understand how app passwords enable mass phishing campaigns even after initial account compromise. Master detection and investigation methods using Microsoft logs, gain insights into advanced persistence mechanisms, and learn hardening strategies to minimize organizational risk. Acquire practical knowledge for threat hunting playbooks, incident response procedures, and administrative controls that reduce the likelihood of successful threat actor persistence in your Microsoft 365 environment.
