Abusing & Securing Azure Services

ATTEND IN-PERSON: Onsite in Bangkok, Thailand

Based on real life breaches and APT TTPs. You will attack a live Azure environment and replicate APTs to breach, persist and escalate your way to fully compromise the environment. In parallel, you will work on detecting, securing, and auditing the environment.

Recent surveys showed that Azure adoption has sneaked past AWS. Yet, expertise in assessing, securing and managing Azure still suffers from a big shortage. Making experts in the domain sought after and well paid.

With over 200 services on offer, Microsoft Azure presents a challenge for both teams on the offensive side and defensive side. While both teams trying to keep up with the ever-evolving services and features, misconfigurations are introduced in abundance allowing for ethical hacker and threat actors alike to take advantage of them.

In this course we introduce some of the most common Azure services used, how they are often misconfigured, abused and how they could be better secured.

The course covers two angles, the threat actor perspective, methods, and techniques. And how to monitor, detect and defend.

Beginner Friendly

This training is designed to be beginner friendly. Although it helps, you do not need prior experience in Azure. The training is built for cloud administrators, architects, penetration testers and defenders to help you understand the most used Microsoft Azure services, how they are misconfigured and abused and how you can monitor and secure them.

Attack & Secure a Live Environment

Keeping a balance between theory and practice, you will quickly get your hands dirty both with Azure services and multiple attack tools and techniques while targeting our live lab environment.

Designed to replicate real-life misconfigurations, you will gain a solid understanding of a typical setup, the most used Microsoft Azure services, how they are misconfigured and abused. In parallel, you will also work on setting up proper monitoring and logging in addition to securely configuring these services.

Breaches In the News

You will explore multiple attack techniques that are being used by APTs to target Azure. Many of which resulted in breaches you heard of and read about in the news.

You will follow different attacks paths and multiple ways for initial access, persistence, and privilege escalation. You will also work on auditing, monitoring and secure these services.

Some of the topics covered will include:

• Recon and enumeration
• Multiple ways for initial access
• Bypassing defenses like Conditional Access and MFA
• Abusing & Securing IAM
• Abusing & Securing Storage
• Abusing & Securing Automation Accounts
• Abusing & Securing Network Services
• Abusing & Securing Key Vaults
• Abusing & Securing Apps
• Abusing & Securing Azure Container Registries
• Abusing & Securing Azure VMs
• And a lot more!

Key Learning Objectives

• Practical hands-on training that allows for exploiting real-world Azure misconfigurations and deep understanding threat actor TTPs.
• Penesters and red teamers will get a solid understanding of the different attack paths and methodologies.
• Blue teamers and system admins will get a solid understanding of the root cause of the abusable misconfigurations and how to monitor, audit and defend.

What Students Will Be Provided With

• Course material
• Cloud labs will be available for each student for 90 hours usage (within 15 days from the start of the training)