6 – Microsoft Entra ID Identity Operations Lab

Baseline Validation and Access Change Analysis (Graph API + RBAC Interpretation)

In this lab, I focused on validating identity state within Microsoft Entra ID using Microsoft Graph and comparing it against a previously established identity snapshot derived from audit log analysis (Lab 05). The objective was to bridge event-based identity analysis with state-based identity validation, …

5 – Microsoft Entra ID Identity Drift & Access Evolution Analysis (Evidence-Based IAM Investigation)

1. Objective

This lab extends Entra ID identity analysis into identity drift and access evolution modelling using audit log telemetry. The objective is to reconstruct how identity state changes over time through:

Unlike a static IAM snapshot, this analysis treats identity as an event-driven system rather than a fixed configuration.

2. Evidence Sources and Analysis …

4 – Microsoft Entra ID Identity Lifecycle & Authentication Validation (Evidence-Based IAM Lab)

1. Objective

This lab demonstrates an end-to-end identity lifecycle within Microsoft Entra ID, focusing on identity provisioning, group-based access control (RBAC), and authentication validation using exported audit and sign-in telemetry. The objective is to analyse identity behaviour using structured, evidence-based interpretation of Entra ID logs, focusing on how identity creation, access modification, and authentication events …

3 – Identity Behaviour Analysis on Windows 11 Endpoint Telemetry

Objective

This laboratory exercise explores identity-related system behaviour on a Windows 11 endpoint through analysis of authentication, session, and privilege-related telemetry. The purpose is to understand how normal identity activity is represented in system logs before attempting to identify anomalous behaviour. The focus is on building baseline understanding of authentication patterns, privilege assignment behaviour, and …

2 – Building a Minimal, Repeatable Cloud and Identity Security Lab Environment

This post documents the evolution of my lab environment into a lightweight, reproducible setup designed to support cloud and identity security learning. The focus is on building a stable environment that supports structured investigation of authentication behaviour, access control concepts, and cloud-based identity systems, particularly within Microsoft Azure and Entra ID contexts. The goal is …

1 – Reviving a 15-Year-Old Toshiba Laptop for Cloud Security Lab Use

Introduction

This Toshiba Satellite L500-13W was abandoned with Windows 7 and a failing Kali Linux installation. Overheating, keyboard misconfiguration, and disk errors made it unsuitable for learning. By stabilising the hardware and installing MX Linux, I turned it into a reliable, quiet lab device, suitable for building structured security labs and developing foundational cloud and …