About The Training
Goa 2025 | Trainings
Azure Cloud Attacks for Red and Blue Teams
Start Date: Feb 26, 2025
End Date: Feb 28, 2025
Venue: TBA
More than 95 percent of Fortune 500 companies use Azure today! A huge number of organizations now use Entra ID as an Identity and Access Management platform. This makes it imperative to understand the risks associated with Azure, as identities of users across an enterprise are authenticated using it.
This hands-on training focuses on abusing Azure and a number of the services it offers. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.
Non-exhaustive list of topics:
- Introduction to Azure
- Discovery and Recon of services and applications
- Enumeration
- Initial Access Attacks
- Enumeration post authentication
- Privilege Escalation
- Lateral Movement
- Persistence techniques
- Data Mining
- Defenses, Monitoring and Auditing
- Bypassing Defenses
You get one month of access to a live Azure lab environment containing multiple tenants, during and after the class, and an attempt at the Certified Azure Red Team Professional (CARTP) certification.
Basic - Intermediate
Discovery and Recon of cloud services
- Introduction and Methodology of the course
- Getting Started with the lab
Introduction to Azure and Entra ID
- Services
- Concepts
- Comparison with on-prem
- Authentication, APIs and tokens
Discovery and Recon of services and applications
Enumeration in Azure
- Using Azure Portal, Az PowerShell and Az CLI
- Open source tools for enumeration (ROADTools, StormSpotter, AzureHound)
Initial Access Attacks
- By abusing Enterprise Apps, App Services, Function Apps and Insecure Storage
- Execute Phishing against MFA
- Consent Grant Attacks
Authenticated Enumeration (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates etc.)
Privilege Escalation (RBAC roles, Entra Roles, Automation Accounts, Group Ownership, Enterprise Apps, Managed Identity) (75 minutes)
Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud, Hybrid Identity, Continuous Deployment)
Persistence techniques (Enterprise Apps, Hybrid Identity, Dynamic Groups, VMs, NSGs, DevOps)
Data Mining using IAM, Deployment History, Code Repositories and storage accounts
Defenses, Monitoring and Auditing and Bypassing Defenses
- Azure Security categorization
- Microsoft Defender for Cloud
- Privileged Identity Management
- Conditional Access
- Just-in-Time Access
- Identity Protection
- Monitoring using Azure Monitor
- Continuous Access Evaluation
- Azure Sentinel
- System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
- Privileges to disable/change any antivirus or firewall.
Basic understanding of Azure and Cloud Security.
Red teamers and penetration testers who want to improve on their Azure attack skills should take this class. Blue teamers, Azure administrators and security professionals who want to understand the approach and techniques of adversaries should take this class.
- The course helps students learn and understand attacks against an organization that is using Azure by executing a full 'kill chain'/attack lifecycle.
- Students get to practice attacks on Azure in a live lab environment that has multiple Azure tenants and a large number of different resources including hybrid identity and on-prem infrastructure. We really have invested a lot in making these labs fun, stable and compliant with Microsoft directives. The lab is an Azure cloud playground and students can solve it in multiple ways.
- Students can understand the defenses available to counter the discussed attacks and analyze the footprints of the attackers!
Attendees will get free one-month access to an Azure playground/lab configured like an Enterprise network, during and after the training. In addition, they get learning aids like course slides, a lab manual, walk-through videos and lab support.
Azure is a huge cloud platform. We could cover only the most popular services in Azure. Please do not expect discussion on a large number of services.
Nikhil Mittal is a hacker, infosec researcher, speaker, and enthusiast. His areas of interest include red teaming, Azure and Active Directory security, attack research, defense strategies, and post-exploitation research. He has 15+ years of experience in red teaming.
He specializes in assessing security risks in secure environments that require novel attack vectors and an "out of the box" approach. He has worked extensively on Azure AD, Active Directory attacks, defense, and bypassing detection mechanisms.
He has spoken/trained at conferences like DEF CON, BlackHat, BruCON, and more.
He is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/