USD $3,299.00
| Date | Day | Time | Duration |
| 26 Aug | Monday | 0900-17:00 ICT/GMT+7 | 8 Hours |
| 27 Aug | Tuesday | 0900-17:00 ICT/GMT+7 | 8 Hours |
| 28 Aug | Wednesday | 0900-17:00 ICT/GMT+7 | 8 Hours |
Recent surveys showed that Azure adoption has sneaked past AWS. Yet, expertise in assessing, securing and managing Azure still suffers from a big shortage. Making experts in the domain sought after and well paid.
With over 200 services on offer, Microsoft Azure presents a challenge for both teams on the offensive side and defensive side. While both teams trying to keep up with the ever-evolving services and features, misconfigurations are introduced in abundance allowing for ethical hacker and threat actors alike to take advantage of them.
In this course we introduce some of the most common Azure services used, how they are often misconfigured, abused and how they could be better secured.
The course covers two angles, the threat actor perspective, methods, and techniques. And how to monitor, detect and defend.
This training is designed to be beginner friendly. Although it helps, you do not need prior experience in Azure. The training is built for cloud administrators, architects, penetration testers and defenders to help you understand the most used Microsoft Azure services, how they are misconfigured and abused and how you can monitor and secure them.
Keeping a balance between theory and practice, you will quickly get your hands dirty both with Azure services and multiple attack tools and techniques while targeting our live lab environment.
Designed to replicate real-life misconfigurations, you will gain a solid understanding of a typical setup, the most used Microsoft Azure services, how they are misconfigured and abused. In parallel, you will also work on setting up proper monitoring and logging in addition to securely configuring these services.
You will explore multiple attack techniques that are being used by APTs to target Azure. Many of which resulted in breaches you heard of and read about in the news.
You will follow different attacks paths and multiple ways for initial access, persistence, and privilege escalation. You will also work on auditing, monitoring and secure these services.
Some of the topics covered will include:
Tarek (@DeanOfCyber), holds an MSc. in Information Security, is the technical advisor for GISEC, the largest security conference in the Middle East and is a previous OWASP Dubai Chapter Leader.
He started his career as a security consultant for a boutique company in the UK where he delivered penetration tests for companies like BBC, Sky, Heinz, Ericsson, BT to name a few. Following that he relocated to Dubai as a senior penetration tester for Verizon.
He then transitioned into leading security operations at the largest media organization in the middle east where he led high-end and complex projects. Currently, he is a subject matter expert working with a leading security vendor. As part of Hackers Academy, Tarek has delivered trainings to thousands of students both online and offline. He currently contributes to the community through the monthly HAVOC event at havoc.hackersacademy.com in addition to regularly mentoring and tutoring university students and preparing them for the job market.
What students say about this training:
Abusing Active Directory (On-Prem & Azure) Course
“Lab setup with prepared toolset was a time saver and it allowed for focus on theory discussion. Unlike other sessions where 50% of course was story telling, the session presented by Mr Naja and Mr AlShamsi was 95% technical content and all valuable and current”
“Fantastic, informative course! Even knowing a bit about AD compromise before, I received a new perspective to strengthen my skillset.”
“Well presented. Fun. Good explanation of kerberos. Very good at explaining complex topics.”
“You explains the things really well and in simple english. I know what DACL ,SACL were. But I know how frustrating they where when I learned about them last year. You explained it really well that a beginner can understand.”
Abusing & Securing Azure Services
“The course was super fun and useful. I learned a lot, had a ton of fun, and became a better pen tester as a result. Teachers were great, classmates were great, and labs were awesome”
“It was really a great class. You explained it really well unlike other courses in which the instructors just put so many things at the same time. + it was really fun in your class. Awesome work.”
“As usual, Tarek is the man. This course is very well thought out and he explains every topic thoroughly. Very well put together, great pace, highly interesting – plus you get labs to see exploits done in real time. Highly recommended!”
Khalifa (@kha1ifuzz) started his Penetration Testing career in 2014. He is a founder of a Offensivebits and Malcrove, companies specializing in Managed Cyber Defense and Offensive Security services. He led more than 60 projects in Penetration Testing and Red Teaming. He has worked as Strategic Technical Advisor to many organizations in UAE and worked on multiple projects such as developing Penetration Testing tools and discovering vulnerabilities.
Khalifa has also participated as an assistant trainer at the BlackHat course “Attacking and Securing APIs” and is regularly invited to deliver talks and workshops.
What students say about this training:
Abusing Active Directory (On-Prem & Azure) Course
“Lab setup with prepared toolset was a time saver and it allowed for focus on theory discussion. Unlike other sessions where 50% of course was story telling, the session presented by Mr Naja and Mr AlShamsi was 95% technical content and all valuable and current”
“Fantastic, informative course! Even knowing a bit about AD compromise before, I received a new perspective to strengthen my skillset.”
“Well presented. Fun. Good explanation of kerberos. Very good at explaining complex topics.”
“You explains the things really well and in simple english. I know what DACL ,SACL were. But I know how frustrating they where when I learned about them last year. You explained it really well that a beginner can understand.”
Abusing & Securing Azure Services
“The course was super fun and useful. I learned a lot, had a ton of fun, and became a better pen tester as a result. Teachers were great, classmates were great, and labs were awesome”
“It was really a great class. You explained it really well unlike other courses in which the instructors just put so many things at the same time. + it was really fun in your class. Awesome work.”
“As usual, Tarek is the man. This course is very well thought out and he explains every topic thoroughly. Very well put together, great pace, highly interesting – plus you get labs to see exploits done in real time. Highly recommended!”
