Hands-on Labs

Overview This lab deploys detection and hunting capabilities for agentic AI threats in Microsoft Sentinel. Every analytics rule maps to a specific OWASP Top 10 for Agentic Applications risk. What gets deployed: Component Count Details Analytics rules …

Overview This lab deploys a complete AKS runtime security stack using Microsoft Defender for Cloud: Gated Deployment (GA) — Admission control blocks vulnerable container images Binary Drift Detection (GA detect / Preview block) — Catches executables …

Overview This lab deploys a complete detection stack for infostealer session hijacking to an existing Microsoft Sentinel workspace. Infostealers steal browser cookies and session tokens that carry MFA claims, allowing attackers to bypass …

Overview This lab deploys detection capabilities for a complete attack chain: Entry: Azure Arc identity takeover (CVE-2026-26117) — a low-privilege user hijacks the machine’s cloud identity Defense Evasion: Monitoring agent removal via the Azure …

Overview This lab deploys detection and hunting capabilities for non-human identity (NHI) abuse in Microsoft Entra ID. Non-human identities — service principals, managed identities, and app registrations — outnumber human users 100:1 in most …

Zero Standing Privilege Lab A hands-on lab deploying a ZSP gateway that manages time-bounded access for non-human identities (AI agents, service principals, automation) and human administrators. Cost: ~$5-10/month (Function App, Log Analytics) …

LLM Prompt Injection Firewall Lab A hands-on lab deploying a serverless firewall that detects and blocks prompt injection attacks before they reach your LLM backend. Time to deploy: ~10 minutes Cost: ~$0 (stays within free tier for testing) Cleanup: …

OAuth Redirect Abuse Detection Lab A hands-on lab deploying detection and hardening for OAuth redirect abuse — the technique Microsoft warned about in their March 2026 advisory. Cost: Uses existing Sentinel workspace (no additional resources) …