Scroll Top

Azure Cloud Attacks for Red and Blue Teams

Course Description

More than 95 percent of Fortune 500 use Azure today! A huge number of organizations now use  Azure AD as an Identity and Access Management platform using the hybrid cloud model. This  makes it imperative to understand the risks associated with Azure as not only the Windows  infrastructure and apps use it but also identities of users across an enterprise are authenticated  using it.  

In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications  and infrastructure to Azure brings some very interesting opportunities and risks too. Often  complex to understand, this setup of components, infrastructure and identity is a security  challenge. This hands-on training aims towards abusing Azure and a number of services offered by it. We  will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.  

All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration, Privilege  Escalation, Lateral Movement, Persistence and Data mining are covered. We will also discuss  detecting and monitoring for the techniques we use. The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more  on methodology and techniques than tools.  

If you are a security professional trying to improve your skills in Azure cloud security, Azure  Pentesting or Red teaming the Azure cloud this is the right class for you!

Top 3 takeaways

  • Understand and practice attacks on Azure in a live lab environment that has multiple Azure tenants and a large number of different resources including hybrid identity and onprem infrastructure.
  • Practice attacks on Azure in a live lab environment that has multiple Azure tenants and a large number of different resources including hybrid identity and on-prem infrastructure.
  • Understand the defenses available to counter the discussed attacks and analyze the footprints of the attackers!

Course Content

Following topics are covered: 

  • Introduction to Azure 
  • Discovery and Recon of services and applications 
  • Enumeration 
  • Initial Access Attacks (Enterprise Apps, App Services, Function Apps, Insecure Storage,  Phishing, Consent Grant Attacks) 
  • Enumeration post authentication (Storage Accounts, Key vaults, Blobs, Automation  Accounts, Deployment Templates etc.) 
  • Privilege Escalation (RBAC roles, Azure AD Roles, Across subscriptions) Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem,  on-prem to cloud)
  • Lateral Movement (Across Tenant, cloud to on-prem, on-prem to cloud) Persistence techniques 
  • Data Mining 
  • Defenses, Monitoring and Auditing (CAP, PIM, Microsoft Defender for Cloud, JIT, Risk  policies, MFA, MTPs, Azure Sentinel) 
  • Bypassing Defenses 
  • Defenses, Monitoring and Auditing 

Day 1  

  • Introduction to Azure 
  • Discovery and Recon of services and applications  
  • Enumeration 
  • Initial Access Attacks (Enterprise Apps, App Services, Function Apps, Insecure Storage,  Phishing, Consent Grant Attacks) 

Day 2 

  • Enumeration post authentication (Storage Accounts, Key vaults, Blobs, Automation  Accounts, Deployment Templates etc.) 
  • Privilege Escalation (RBAC roles, Azure AD Roles, Across subscriptions)
  • Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem,  on-prem to cloud) 

Day 3 

  • Lateral Movement (Across Tenant, cloud to on-prem, on-prem to cloud)
  • Persistence techniques (Hybrid Identity, Golden SAML, Service Principals, Dynamic  Groups) 
  • Data Mining 
  • Defenses, Monitoring and Auditing (CAP, PIM, Microsoft Defender for Cloud, JIT, Risk  policies, CAE, MFA, MTPs, Azure Sentinel) 
  • Bypassing Defenses

Why should you take this course?

This course helps in upskilling to one of the most coveted skill in information security – Azure security. Drawing from our experience of more than a decade to teach at hacker conferences, this hands-on course helps someone in improving their Azure security skills. The course lab is designed in a way that students can solve it in multiple ways! The lab also includes a CTF for those students who would like more challenge.

Who should take this course

Red teamers and penetration testers who want to improve on their Azure attack skills should take this class. Blue teamers, Azure administrators and security professionals who want to understand the approach and techniques of adversaries should take this class.

Prerequisite Knowledge

Basic understanding of Azure is desired but not mandatory

Hardware / Software Requirements

  • System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
  • Privileges to disable/change any antivirus or firewall.

What students will be provided with

  • Attendees will get free one month access to a lab configured like an Enterprise network,  during and after the training. 
  • An attempt to completely hands-on Certified Azure Red Team Professional (CARTP)
  • In addition to that, learning aid like course slides, lab manual, walk-through videos and  lab support till the lab access is active

Trainer Biography

Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes  red teaming, Azure and active directory security, attack research, defense strategies and post  exploitation research. He has 15+ years of experience in red teaming.  

He specializes in assessing security risks at secure environments that require novel attack vectors  and “out of the box” approach. He has worked extensively on Azure, Active Directory attacks,  defense and bypassing detection mechanisms. Nikhil has held trainings and boot camps for  various corporate clients (in US, Europe and SE Asia), and at the world’s top information security  conferences.  

He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.  

He is the founder of Altered Security – a company focusing on hands-on enterprise security  learning –  https://www.alteredsecurity.com

Twitter : @nikhil_mitt

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.