ABOUT THE TRAINING
This course is a two days (weekend only) intensive training on Azure Cloud Pentesting. All delegates will have access to a personal Azure environment for hands-on lab exercises. We have scheduled sessions to accommodate both North American and EMEA time zones. Ensure you choose the appropriate time zone during booking.
- Module 1 – Understanding the Azure platform and architecture
- Module 2 – Anonymous Discovery and Reconnaisance
- Module 3 – Initial Access and Credential Theft
- Module 4 – Privilege Escalation Attacks
- Module 5 – Hunting and Harvesting Service Credentials
- Module 6 – Data Exfiltration Attacks
- Module 7 – Code Execution Attacks
- Module 8 – Persistence Attacks and Defense Evasion
|| Simulate real-world attacks using Tactics, Techniques and Procedures (TTPs) that adversaries use during Azure breaches
|| Learn how to identify gaps and weaknesses in Azure security implementations
|| Learn how to detect and respond to Azure breaches
|| Learn how to prevent an Azure breach from occurring in the first place
HANDS-ON-LABS INCLUDED - In this module, delegates will learn about the Azure Cloud platform, its management hierarchy, services, RBAC structure, management tools and entry points. We will also discuss guardrails that you should be aware of before performing cloud pentesting and available options to build your own Azure pentesting environment.
HANDS-ON-LABS INCLUDED - In this module, we will cover the external exposures of Azure environments that result in initial access to the environment. Delegates will learn how to perform and detect anonymous reconnaissance for Azure environments.
HANDS-ON LABS INCLUDED - In this module, we will explore the techniques used to gain initial access into Azure environments. We'll discuss topics like methods to obtain user or application credentials, stealing access and refresh tokens, and ways to bypass conditional access controls.
HANDS-ON LABS INCLUDED - In this module, we will dive deep into Privilege Escalation Attacks, unveiling the tactics and methods attackers that can be used to identify and elevate permissions in Azure. We will cover the use of tools like AzureHound to identify various hidden escalation paths, explore techniques to exploit misconfigurations to move from basic permissions like reader access to owner permissions.
HANDS-ON LABS INCLUDED - With over 40 Azure services still relying on long-lived access keys, this module dives deep into how to extract service credentials for Azure's data and compute services. We will also explore attacking secret and configuration management services, such as Key Vault and App Config. Furthermore, we will discuss techniques to hunt for credentials within configuration settings of services like App Service, Function Apps, Container Instances, and Container Apps.
HANDS-ON LABS INCLUDED - In this module, we will cover techniques to exfiltrate data from various storage and data services in Azure such as the blob service, file service, VM disks, Cosmos DB, and SQL database. We will also examine methods of transferring data, including cloud service backups, to an alternate cloud account. This approach helps evade traditional file transfer/downloads and network-based exfiltration detection mechanisms.
HANDS-ON LABS INCLUDED - In this module, we will explore the techniques that can be used to trigger arbitrary code executions on Azure compute services, and how such breaches can be mitigated. We will cover how to move from the cloud management plane to executing code on compute services like VMs, VM Scale Sets and Container instances. We will examine the exploitation of features such as Azure RunCommand and Automation Runbooks, which enable users to execute scripts remotely in virtual machines through integrated VM agents.
HANDS-ON LABS INCLUDED - In this module, we will cover advanced techniques for establishing persistence and evading detection. We will shed light on how Azure services, such as serverless event-triggered actions and Logic Apps workflows, can be exploited to provide persistent remote access. Furthermore, we'll explore diverse strategies to create or modify accounts in Azure AD to sustain an attacker's presence in the environment. From a defense standpoint, understanding these tactics is crucial for incident response, equipping defenders with the ability to identify hidden attacker hideouts and understanding evasion maneuvers like impairing defenses and bypassing audits.
This course assumes the following:
- Foundational Azure knowledge and experience
- Foundational cybersecurity knowledge and experience
- A laptop/desktop PC with good internet connection
Please note: There’s no need for participants to have their own Azure subscription for the practical exercises. An individual Azure setup will be made available to all attendees during the course.