Abusing Azure VMs :
When BitLocker Recovery Turns Into an Attack Vector
10 April 2026 | 10:00 AM ET | 2+ Hours Duration
Overview
Microsoft Azure, like all other cloud platforms, provides the foundational service of compute. Compute workloads can be used as production servers, application hosts, jump boxes, development environments, and platforms for running business-critical services. Azure Virtual Machines are the cornerstone of this compute offering, enabling organizations to deploy and manage Windows or Linux workloads in the cloud.
Just like in traditional data centers, Windows-based Azure VMs can be encrypted using BitLocker for an added layer of security at rest. Since these are virtual machines, the disks of critical compute workloads are usually backed up in the form of snapshots to support recovery, or migration.
In this webinar, we will learn how BitLocker recovery keys backed up to Entra ID can be abused by threat actors to access data stored on Azure VMs. We will explore how a VM disk snapshot can be obtained and unlocked to read its contents. We will then examine various ways to access the live Azure VM to enable further lateral movement. We will also discuss the potential impact and cover practical mitigations to reduce the risk.
.png)
Register
Unlock exclusive offers, webinars & giveaways
Attend Live Webinar
10 April 2026 | 10:00 AM ET | 2+ Hours Duration
Practice Attacks
Explore challenges and labs focused on Azure Security and Red Teaming on the Red Labs Platform
Get Webinar Participation Certificate
Unlock Exclusive Offers
Flat 20% OFF on Cloud Red Team Tactics for Attacking & Defending Azure – Beginner's (CARTP®) & Cloud Red Team Tactics for Attacking & Defending Azure – Advanced (CARTE®).
Hitesh Duseja
MEET THE INSTRUCTOR
Hitesh Duseja is a Security Researcher at Altered Security with a strong passion for Enterprise Cloud Security, and Red Teaming. He has an overall 7.5+ years of hand-on experience in the Information Security Domain and has been present on both the sides of the security boundary. He continuously researches attack vectors in Azure with a focus on Entra ID, Hybrid Identity and Intune to simulate threat actors and come up with implementable detective and preventive mitigations to help secure enterprise environments.