Abusing & Securing Azure Services

Based on real life misconfigurations, breaches and APT TTPs. This two-day training introduces some of the most common Azure services used in enterprises, how they are often misconfigured, abused and how they could be better secured. You will gain a deep understanding of different misconfigurations, attacks path and multiple ways for initial access, persistence, and privilege escalation.
The course requires no prior knowledge in Azure services and will build your knowledge from the ground up

USD $2,299.00

Duration

2 days

Delivery Method

in-person

Level

intermediate

Seats Available

20

ATTEND IN-PERSON: Onsite in Dubai

DATE: 14-15 March 2023

TIME: 09:00 to 17:00 GST/GMT+4

Date Day Time Duration
14 Mar Tuesday 09:00 to 17:00 GST/GMT+4 8 Hours
15 Mar Wednesday 09:00 to 17:00 GST/GMT+4 8 Hours

 


In mid 2022 surveys showed that Azure adoption has sneaked past AWS. Yet, expertise in assessing, securing and managing Azure still suffers from a big shortage. Making experts in the domain sought after and well paid.
With over 200 services at offer, Microsoft Azure presents a challenge for both teams on the offensive side and defensive side. With both teams trying to keep up with the ever evolving services and features, misconfigurations are introduced in abundance allowing for ethical hacker and threat actors alike to take advantage of them.
In this course we introduce some of the most common Azure services used in enterprises, how they are often misconfigured, abused and how they could be better secured.
The course covers two angles, cloud native and hybrid environments.

Based on real life breaches and APT TTPs. For cloud administrators, architects, penetration testers and defenders. Understand the most commonly used Microsoft Azure services and how they are misconfigured and abused.

The course requires no prior knowledge in Azure and builds your knowledge from the ground up.

In this two-day training you will gain a solid understanding of the day to day operations and resulting misconfigurations, different attacks path and multiple ways for initial access, persistence and privilege escalation.

Keeping the theory to the bare minimum, you will quickly get your hands dirty both with Azure services and multiple attack tools and techniques. Some of the topics covered will include:

  • Recon and enumeration
  • Multiple ways for initial access
  • Bypassing defenses like Conditional Access and MFA
  • Abusing IAM
  • Abusing identities
  • Abusing tokens
  • Abusing Automation Accounts
  • Abusing Network Services
  • Abusing Key Vaults
  • Abusing Apps
  • Abusing Azure Container Registries
  • Abusing Storage Accounts
  • Abusing Azure VMs
  • And a lot more!

 

What students will be provided with
  • Course material
  • The instructors will share their own lab guide so students can replicate the setup in their private labs

 

Watch this video to get a feel of Tarek’s online workshops where he explains Azure Attack part – a topic that is covered in more detail in the training.

 

Part 1

 

Part 2

Why You Should Take This Course

Based on real life misconfigurations, breaches and APT TTPs. This two-day training introduces some of the most common Azure services used in enterprises, how they are often misconfigured, abused and how they could be better secured. You will gain a deep understanding of different misconfigurations, attacks path and multiple ways for initial access, persistence, and privilege escalation.
The course requires no prior knowledge in Azure services and will build your knowledge from the ground up

Who Should Attend

  • Cloud engineers
  • Cloud architects
  • SOC analysts
  • Penetration testers
  • Aspiring red teamers

Key Learning Objectives

  • Practical hands-on training that allows for exploiting real-world Azure misconfigurations.

  • Penesters, red teamers and sys admins will get a solid understanding of the root cause of the abusable misconfigurations.

  • Deep understanding threat actor TTPs.
  • Prerequisite Knowledge

    There are no requirements. The following knowledge would be helpful:
    • Basic PowerShell knowledge
    • Basic command line usage in Windows and Linux

    Hardware / Software Requirements

    • All labs are cloud based. Students should bring a laptop that allow them access to cloud based VMs.
    • The VMs will be accessible using remote desktop on high TCP port numbers. Ensure that your firewall policies will allow this.
    • Students will use their own Azure subscription. Instruction how to create one will be provided.

    Your Instructor

    Tarek (@DeanOfCyber), holds an MSc. in Information Security, is the technical advisor for GISEC, the largest security conference in the Middle East and is a previous OWASP Dubai Chapter Leader.

    He started his career as a security consultant for a boutique company in the UK where he delivered penetration tests for companies like BBC, Sky, Heinz, Ericsson, BT to name a few. Following that he relocated to Dubai as a senior penetration tester for Verizon.

    He then transitioned into leading security operations at the largest media organization in the middle east where he led high-end and complex projects. Currently, he is a subject matter expert working with a leading security vendor. As part of Hackers Academy, Tarek has delivered trainings to thousands of students both online and offline.

    He currently contributes to the community through the monthly HAVOC event at havoc.hackersacademy.com in addition to regularly mentoring and tutoring university students and preparing them for the job market.

    What students say about this training:

    Abusing Active Directory (On-Prem & Azure) Course

    “Lab setup with prepared toolset was a time saver and it allowed for focus on theory discussion. Unlike other sessions where 50% of course was story telling, the session presented by Mr Naja and Mr AlShamsi was 95% technical content and all valuable and current”

    “Fantastic, informative course! Even knowing a bit about AD compromise before, I received a new perspective to strengthen my skillset.”

    “Well presented. Fun. Good explanation of kerberos. Very good at explaining complex topics.”

    “You explains the things really well and in simple english. I know what DACL ,SACL were. But I know how frustrating they where when I learned about them last year. You explained it really well that a beginner can understand.”

    Abusing & Securing Azure Services

    “The course was super fun and useful. I learned a lot, had a ton of fun, and became a better pen tester as a result. Teachers were great, classmates were great, and labs were awesome”

    “It was really a great class. You explained it really well unlike other courses in which the instructors just put so many things at the same time. + it was really fun in your class.  Awesome work.”

    “As usual, Tarek is the man. This course is very well thought out and he explains every topic thoroughly. Very well put together, great pace, highly interesting – plus you get labs to see exploits done in real time. Highly recommended!”