
DEF CON Training
Nikhil Mittal - Azure Cloud Attacks for Red and Blue Teams $2,400
Training description:
More than 95 percent of the Fortune 500 use Azure today! A huge number of organizations now use Azure AD as an Identity and Access Management platform using the hybrid cloud model. This makes it imperative to understand the risks associated with Azure, as the identities of users across an enterprise are authenticated using it.
This hands-on training focuses on abusing Azure and a number of the services it offers. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.
You get one month of access to a live Azure lab environment containing multiple tenants during and after the class.
Non-exhaustive list of topics:
- Introduction to Azure
- Discovery and Recon of services and applications
- Enumeration
- Initial Access Attacks
- Enumeration post authentication
- Privilege Escalation
- Lateral Movement
- Persistence techniques
- Data Mining
- Defenses, Monitoring and Auditing
- Bypassing Defenses
Course overview:
Detailed outline - Day 1
Discovery and Recon of cloud services (30 minutes)
- Introduction and Methodology of the course
- Getting Started with the lab
Introduction to Azure and Azure AD (60 minutes)
- Services
- Concepts
- Comparison with on-prem
- Authentication, APIs and tokens
Discovery and Recon of services and applications (45 minutes)
Enumeration in Azure (60 minutes)
- Using Azure Portal, Az PowerShell and Az CLI
- Open source tools for enumeration (ROADTools, StormSpotter, AzureHound)
Initial Access Attacks (150 minutes)
- By abusing Enterprise Apps, App Services, Logic Apps, Function Apps and Insecure Storage
- Execute Phishing against MFA
- Consent Grant Attacks
Authenticated Enumeration (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates etc.) (60 minutes)
Privilege Escalation (RBAC roles, Azure AD Roles, Automation Accounts, Group Ownership, Enterprise Apps, Managed Identity) (75 minutes)
Detailed outline - Day 2
Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud, Hybrid Identity, Continuous Deployment) (240 minutes)
Persistence techniques (Enterprise Apps, Hybrid Identity, Dynamic Groups, VMs, NSGs, DevOps) (120 minutes)
Data Mining using IAM, Deployment History, Code Repositories and storage accounts (60 minutes)
Defenses, Monitoring and Auditing and Bypassing Defenses (60 minutes)
- Azure Security categorization
- Microsoft Defender for Cloud
- Privileged Identity Management
- Conditional Access
- Just-in-Time Access
- Identity Protection
- Monitoring using Azure Monitor
- Azure Sentinel
Takeaways for the students after completing the class:
- The course helps the students in learning and understanding attacks against an organization that is using Azure by executing a full 'kill chain'/attack lifecycle!
- Students get to practice attacks on Azure in a live lab environment that has multiple Azure tenants and a large number of different resources including hybrid identity and on-prem infrastructure. We really have invested a lot in making these labs fun, stable and compliant with Microsoft directives. The lab is an Azure cloud playground and students can solve it in multiple ways.
- Students can understand the defenses available to counter the discussed attacks and analyze the footprints of the attackers!
- An attempt for Certified Azure Red Team Professional (CARTP)
Student skill level:
The class is beginner friendly! We only expect basic knowledge of cloud security from students.
What should students bring to the Training?:
- System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
- Privileges to disable/change any antivirus or firewall.
Bio:
Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His areas of interest include red teaming, Azure and Active Directory security, attack research, defense strategies and post-exploitation research. He has 13+ years of experience in red teaming.
He specializes in assessing security risks in secure environments that require novel attack vectors and an "out of the box" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and boot camps for various corporate clients (in the US, Europe and SE Asia), and at the world's top information security conferences.
He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.
He is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/
Trainer(s) social media links: @nikhil_mitt, @alteredsecurity
Previous Trainings:
BlackHat USA 2022 - https://www.blackhat.com/us-22/training/schedule/#azure-cloud-attacks-for-red-and-blue-teams-25791
BruCON 2021 - https://www.brucon.org/2021/brucon-2021-training/azure-ad-attacks-for-red-and-blue-teams-basic-edition/
DATE: August 14th-15th 2023
TIME: 8am to 5pm PDT
VENUE: Caesars Forum Ballroom
TRAINER: Nikhil Mittal
All participants will receive a course completion certificate.
- 16 hours of training with a certificate of completion
- 2 coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st; the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.
DEF CON Communications, Inc.
1100 Bellevue Way NE
8A-85
Bellevue, WA 98004