3-day hands-on technical Workshop in HITB SecConf 2024 Bangkok

Abusing & Securing Azure Services


The course requires no prior knowledge in Azure and builds your knowledge from the ground up.
In this 3-day training you will gain a solid understanding of the day to day operations and resulting misconfigurations, different attacks path and multiple ways for initial access, persistence and privilege escalation.



Delivery Method



beginner / intermediate

Current Capacity

ATTEND IN-PERSON: Onsite in Bangkok, Thailand

DATE: 26-28 August 2024

TIME: 09:00 to 17:00 ICT/GMT+7

Date Day Time Duration
26 Aug Monday 0900-17:00 ICT/GMT+7 8 Hours
27 Aug Tuesday 0900-17:00 ICT/GMT+7 8 Hours
28 Aug Wednesday 0900-17:00 ICT/GMT+7 8 Hours

Based on real life breaches and APT TTPs. You will attack a live Azure environment and replicate APTs to breach, persist and escalate your way to fully compromise the environment. In parallel, you will work on detecting, securing, and auditing the environment.

Recent surveys showed that Azure adoption has sneaked past AWS. Yet, expertise in assessing, securing and managing Azure still suffers from a big shortage. Making experts in the domain sought after and well paid.

With over 200 services on offer, Microsoft Azure presents a challenge for both teams on the offensive side and defensive side. While both teams trying to keep up with the ever-evolving services and features, misconfigurations are introduced in abundance allowing for ethical hacker and threat actors alike to take advantage of them.

In this course we introduce some of the most common Azure services used, how they are often misconfigured, abused and how they could be better secured.

The course covers two angles, the threat actor perspective, methods, and techniques. And how to monitor, detect and defend.


Beginner Friendly

This training is designed to be beginner friendly. Although it helps, you do not need prior experience in Azure. The training is built for cloud administrators, architects, penetration testers and defenders to help you understand the most used Microsoft Azure services, how they are misconfigured and abused and how you can monitor and secure them.


Attack & Secure a Live Environment

Keeping a balance between theory and practice, you will quickly get your hands dirty both with Azure services and multiple attack tools and techniques while targeting our live lab environment.

Designed to replicate real-life misconfigurations, you will gain a solid understanding of a typical setup, the most used Microsoft Azure services, how they are misconfigured and abused. In parallel, you will also work on setting up proper monitoring and logging in addition to securely configuring these services.


Breaches In the News

You will explore multiple attack techniques that are being used by APTs to target Azure. Many of which resulted in breaches you heard of and read about in the news.

You will follow different attacks paths and multiple ways for initial access, persistence, and privilege escalation. You will also work on auditing, monitoring and secure these services.

Some of the topics covered will include:

  • Recon and enumeration
  • Multiple ways for initial access
  • Bypassing defenses like Conditional Access and MFA
  • Abusing & Securing IAM
  • Abusing & Securing Storage
  • Abusing & Securing Automation Accounts
  • Abusing & Securing Network Services
  • Abusing & Securing Key Vaults
  • Abusing & Securing Apps
  • Abusing & Securing Azure Container Registries
  • Abusing & Securing Azure VMs
  • And a lot more!


Key Learning Objectives
  • Practical hands-on training that allows for exploiting real-world Azure misconfigurations and deep understanding threat actor TTPs.
  • Penesters and red teamers will get a solid understanding of the different attack paths and methodologies.
  • Blue teamers and system admins will get a solid understanding of the root cause of the abusable misconfigurations and how to monitor, audit and defend.


What Students Will Be Provided With
  • Course material
  • Cloud labs will be available for each student for 90 hours usage (within 15 days from the start of the training)



Offensivebits and Malcrove LLC

Khalifa (@kha1ifuzz) started his Penetration Testing career in 2014. He is a founder of a Offensivebits and Malcrove, companies specializing in Managed Cyber Defense and Offensive Security services. He led more than 60 projects in Penetration Testing and Red Teaming. He has worked as Strategic Technical Advisor to many organizations in UAE and worked on multiple projects such as developing Penetration Testing tools and discovering vulnerabilities. Khalifa has also participated as an assistant trainer at the BlackHat course “Attacking and Securing APIs” and is regularly invited to deliver talks and workshops.

Subject Matter Expert

Tarek (@DeanOfCyber), holds an MSc. in Information Security, is the technical advisor for GISEC, the largest security conference in the Middle East and is a previous OWASP Dubai Chapter Leader. He started his career as a security consultant for a boutique company in the UK where he delivered penetration tests for companies like BBC, Sky, Heinz, Ericsson, BT to name a few. Following that he relocated to Dubai as a senior penetration tester for Verizon. He then transitioned into leading security operations at the largest media organization in the middle east where he led high-end and complex projects. Currently, he is a subject matter expert working with a leading security vendor. As part of Hackers Academy, Tarek has delivered trainings to thousands of students both online and offline. He currently contributes to the community through the monthly HAVOC event at havoc.hackersacademy.com in addition to regularly mentoring and tutoring university students and preparing them for the job market.
  What students say about this training:
  • Thank you, Tarek was very informative course and one of my dreams come true is to understand  Kerberos 🙂
  • I really recommend this course when its published. Its beginner friendly and will give you a lot of information about Active Directory and how the compromise usually happening. Again, Thank you Tarek for your efforts! – Farhan Alkhubize, 1st Cyber Security Officer
  • It was really a great class. You explained it really well unlike other courses in which the instructors just put so many things at the same time. + it was really fun in your class.  Awesome work.
  • As usual, Tarek is the man. This course is very well thought out and he explains every topic thoroughly. Very well put together, great pace, highly interesting – plus you get labs to see exploits done in real time. Highly recommended!
  • You explains the things really well and in simple english. I know what DACL ,SACL were. But I know how frustrating they where when I learned about them last year. You explained it really well that a beginner can understand.

Why You Should Take This Course

Students who attended the course reporting benefiting greatly from seeing first-hand real-world misconfigurations in a safe lab environment.
Pentesters gained a deeper understanding of their toolsets and the techniques used. And admins and defenders expressed great satisfaction in understanding how pentersters and threat actors do what they do.

Who Should Attend

  • Cloud engineers
  • Cloud architects
  • SOC analysts
  • Penetration testers
  • Aspiring red teamers

Prerequisite Knowledge

There are no requirements. The following knowledge would be helpful:
  • Basic PowerShell knowledge
  • Basic command line usage in Windows and Linux
Student Requirements
There are no requirements. The following knowledge would be helpful:
  • Basic Azure knowledge (not mandatory)
  • Basic PowerShell knowledge
  • Basic command line usage in Windows and Linux

Hardware / Software Requirements

  • All labs are cloud based and accessible via RDP. Students should bring a laptop with RDP client pre-installed.
  • The VMs will be accessible using remote desktop on high TCP port numbers. Ensure that your firewall policies will allow this.
  • Students will use their own Azure subscription. Instruction how to create one will be provided.