
Altered Security - Azure Cloud Attacks for Red & Blue Teams Beginner - DCTLV2025
Name of Training: Azure Cloud Attacks for Red and Blue Teams - Beginner Edition
Trainer(s): Altered Security
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2,200
Course Description:
More than 95 percent of Fortune 500 companies use Azure today! A huge number of organizations use Azure AD (Entra ID) as an Identity and Access Management platform. This makes it imperative to understand the risks associated with Azure, as it contains an enterprise's infrastructure, apps, identities and a lot more!
In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications and infrastructure to Azure brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security challenge.
This hands-on training aims towards abusing Azure and a number of services offered by it. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.
All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also discuss detecting and monitoring for the techniques we use.
The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more on methodology and techniques than tools.
If you are a security professional trying to improve your skills in Azure cloud security, Azure pentesting or red teaming the Azure cloud, this is the right class for you!
The following topics are covered:
- Introduction to Azure
- Discovery and Recon of services and applications
- Enumeration
- Initial Access Attacks (Enterprise Apps, App Services, Function Apps, Insecure Storage, Phishing, Consent Grant Attacks)
- Enumeration post authentication (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates etc.)
- Privilege Escalation (RBAC roles, Azure AD Roles, Across subscriptions)
- Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud)
- Lateral Movement (Across Tenant, cloud to on-prem, on-prem to cloud)
- Persistence techniques
- Data Mining
- Defenses, Monitoring and Auditing (CAP, PIM, Microsoft Defender for Cloud, JIT, Risk policies, MFA, MTPs, Azure Sentinel)
- Bypassing Defenses
- Defenses, Monitoring and Auditing
Attendees will get two months of free access to an Azure environment comprising multiple tenants and a Certified by AlteredSecurity Red Team Professional for Azure (CARTP) certification attempt.
Course Outline:
Day 1
- Discovery and Recon of cloud services
- Introduction and Methodology of the course
- Getting Started with the lab
- Introduction to Azure and Entra ID
- Services
- Concepts
- Comparison with on-prem
- Authentication, APIs and tokens
- Discovery and Recon of services and applications
- Enumeration in Azure
- Using Azure Portal, Az PowerShell and Az CLI
- Open source tools for enumeration (ROADTools, AzureHound)
- Initial Access Attacks
- By abusing Enterprise Apps, App Services, Function Apps and Insecure Storage
- Execute Phishing against MFA
- Consent Grant Attacks
- Authenticated Enumeration (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates etc.)
- Privilege Escalation (RBAC roles, Azure AD Roles, Automation Accounts, Group Ownership, Enterprise Apps, Managed Identity)
Day 2
- Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud, Hybrid Identity, Continuous Deployment)
- Persistence techniques (Enterprise Apps, Hybrid Identity, Dynamic Groups, VMs, NSGs, DevOps)
- Data Mining using IAM, Deployment History, Code Repositories and storage accounts
- Defenses, Monitoring and Auditing and Bypassing Defenses
- Azure Security categorization
- Microsoft Defender for Cloud
- Privileged Identity Management
- Conditional Access
- Just-in-Time Access
- Identity Protection
- Monitoring using Azure Monitor
- Continuous Access Evaluation
- Azure Sentinel
- Bypassing Defenses like CAP, MFA, Defender for Cloud and Entra ID Protection.
Difficulty Level:
Beginner/Intermediate
Suggested Prerequisites:
- Basic understanding of Azure and Entra ID is desired.
- Basic understanding of Cloud Security is desired but not mandatory.
What Students Should Bring:
- System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
- Privileges to disable/change any antivirus or firewall.
Trainer(s) Bio:
Nikhil’s areas of interest include red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.
He specializes in assessing security risks in secure environments that require novel attack vectors and an "out of the box" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and bootcamps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences.
He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.
Nikhil is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.