TryHackMe - Azure Purple Teaming: Emulating and Detecting Cloud TTPs

Cloud Village @ DEF CON 33 · Day 1

Arisano's talk at Cloud Village, titled "TryHackMe - Azure Purple Teaming: Emulating and Detecting Cloud TTPs," provided a hands-on workshop demonstrating the critical practice of **purple teaming** within Microsoft Azure environments. The session focused on bridging the gap between offensive and defensive security by actively emulating common attacker tactics, techniques, and procedures (TTPs) and then analyzing their visibility in Azure's logging infrastructure, primarily through **Azure Sentinel** and **Kusto Query Language (KQL)**.
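As an added example (not material from the talk, from TryHackMe or from Microsoft) of the "emulate, then check visibility" loop the summary describes: after invoking the portal's Run Command feature on a test VM you own, this KQL query over Sentinel's AzureActivity table surfaces the control-plane record that does land, so a defender can confirm what the log captures (the caller, source IP and target VM) and what it does not (the command text itself). Column names follow the standard AzureActivity schema; the 24-hour lookback window is an assumption.

```kql
// Added example: control-plane visibility of VM Run Command invocations.
// Emulation step: run a harmless command on a test VM via Run Command, then query.
AzureActivity
| where TimeGenerated > ago(24h)                       // assumed lookback window
| where OperationNameValue =~ "Microsoft.Compute/virtualMachines/runCommand/action"
| where ActivityStatusValue in~ ("Start", "Success", "Succeeded")
// Pull the VM name off the end of the resource id path
| extend TargetVm = extract(@"/([^/]+)$", 1, _ResourceId)
| project TimeGenerated, Caller, CallerIpAddress, ResourceGroup, TargetVm, ActivityStatusValue
// The script body is not in this record: only the fact that runCommand was
// invoked, by whom, from where and against which VM. Host-side telemetry
// from the VM itself is needed to see the command content.
| order by TimeGenerated desc
```

If the emulated invocation does not appear, the Activity log connector for that subscription is the first thing to check before assuming the technique is invisible.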

AI review

Competent cloud security workshop covering Azure purple teaming fundamentals — SignInLogs, AuditLogs, AzureActivity, AzureDiagnostics, KQL queries for common TTPs. Honest about logging gaps (VM command execution blind spot is worth noting). Nothing here that a motivated defender couldn't find in Microsoft's own documentation or existing Azure security blogs, and the speaker's TryHackMe affiliation means this is partly a platform advertisement dressed as a workshop.
