Altered Security - Azure Cloud Attacks for Red & Blue Teams $2,400 (Early $2,200)

$2,200.00

Name of Training:

Azure Cloud Attacks for Red and Blue Teams

Description:

This hands-on training focuses on abusing Azure and a number of the services it offers. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.

Training description:

More than 95 percent of Fortune 500 companies use Azure today! A huge number of organizations now use Azure AD as an Identity and Access Management platform in a hybrid cloud model. Because the identities of users across an enterprise are authenticated through it, understanding the risks associated with Azure is imperative.

You get one month of access to a live Azure lab environment containing multiple tenants during and after the class.
Non-exhaustive list of topics:
-  Introduction to Azure 
-  Discovery and Recon of services and applications 
-  Enumeration 
-  Initial Access Attacks
-  Enumeration post authentication
-  Privilege Escalation
-  Lateral Movement
-  Persistence techniques 
-  Data Mining
-  Defenses, Monitoring and Auditing 
-  Bypassing Defenses

- The course helps the students in learning and understanding attacks against an organization that is using Azure by executing a full 'kill chain'/attack lifecycle!
 
- Students get to practice attacks on Azure in a live lab environment that has multiple Azure tenants and a large number of different resources, including hybrid identity and on-prem infrastructure. We really have invested a lot in making these labs fun, stable and compliant with Microsoft directives. The lab is an Azure cloud playground and students can solve it in multiple ways.

- Students can understand the defenses available to counter the discussed attacks and analyze the footprints of the attackers!

- An attempt for Certified Azure Red Team Professional (CARTP)

Trainer Bios:

Munaf Shariff

Munaf is an information security professional whose areas of interest include penetration testing, red teaming, malware development, defense evasion and Active Directory security. Munaf likes to research EDR evasion and C2 frameworks. He has worked extensively on various Red Team and Active Directory security topics.

He works as a Security Researcher at Altered Security - a company focusing on hands-on Azure security learning - https://www.alteredsecurity.com/

Nagendrra C

Nagendrra is an information security professional whose areas of interest include Azure, Active Directory security, and application security. Nagendrra likes to research enterprise security attacks and defense. He has worked extensively on Azure and application security.

He works as a Security Researcher at Altered Security - a company focusing on hands-on Azure security learning - https://www.alteredsecurity.com/
Trainer(s) social media links:

https://twitter.com/alteredsecurity : @alteredsecurity

Outline:

Day 1:

Detailed outline - Day 1
Discovery and Recon of cloud services (30 minutes)
- Introduction and Methodology of the course
- Getting Started with the lab
Introduction to Azure and Azure AD (60 minutes)
- Services
- Concepts
- Comparison with on-prem
- Authentication, APIs and tokens
Discovery and Recon of services and applications (45 minutes)
Enumeration in Azure (60 minutes)
- Using Azure Portal, Az PowerShell and Az CLI
- Open source tools for enumeration (ROADTools, StormSpotter, AzureHound)
Initial Access Attacks (150 minutes)
- By abusing Enterprise Apps, App Services, Logic Apps, Function Apps and Insecure Storage
- Execute Phishing against MFA
- Consent Grant Attacks
Authenticated Enumeration (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates etc.) (60 minutes)
Privilege Escalation (RBAC roles, Azure AD Roles, Automation Accounts, Group Ownership, Enterprise Apps, Managed Identity) (75 minutes)

Day 2:

Detailed outline - Day 2
Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud, Hybrid Identity, Continuous Deployment) (240 minutes)
Persistence techniques (Enterprise Apps, Hybrid Identity, Dynamic Groups, VMs, NSGs, DevOps) (120 minutes)
Data Mining using IAM, Deployment History, Code Repositories and storage accounts (60 minutes)
Defenses, Monitoring and Auditing and Bypassing Defenses (60 minutes)
- Azure Security categorization
- Microsoft Defender for Cloud
- Privileged Identity Management
- Conditional Access
- Just-in-Time Access
- Identity Protection
- Monitoring using Azure Monitor
- Azure Sentinel

Technical difficulty:

Beginner friendly

Suggested Prerequisites:

We only expect basic knowledge of cloud security from students. 

What students should bring:

- System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes. 
- Privileges to disable/change any antivirus or firewall.

DATE: August 12th-13th 2024
TIME: 8am to 5pm PDT
VENUE: Sahara Las Vegas
TRAINER: Altered Security Team Member

All participants will receive a course completion certificate.

- 16 hours of training with a certificate of completion
- 2 coffee breaks are provided per day
- Note: Food is not included

Registration terms and conditions:

Trainings are refundable before July 1st; the processing fee is $250.

Trainings are non-refundable after July 10th, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.