Cloud Red Team Tactics for Attacking and Defending Azure - Advanced Edition
Take your Azure Red Team skills to the next level. Get trained in Azure pentesting, Red Teaming and Defense against an enterprise-like live Azure environment with focus on OPSEC and bypassing defenses. Earn the Certified by Altered Security Red Team Expert for Azure (CARTE) certification.
Starts: 5th December 2025 Duration: 3 days
Video course included!
What You Will Learn
This 3-days class is designed to help security professionals in understand, analyze and practice attacks in an enterprise-like live Azure environment that has effective security controls in place.
You will be able to practice and sharpen popular tactics, techniques and procedures (TTPs) for Azure environments. In addition, you will learn how to bypass security controls like Advanced Conditional Access Policies, Multiple ways to bypass MFA that is enforced using different methods, Privileged Identity Management (PIM) and Microsoft Defender for Cloud.
The class also focuses on abuse of JWT signing, Family of Client IDs (FOCI), Attribute Based Access Control (ABAC), Temporary Access Password (TAP), Custom Claims, Cross Tenant Access, Azure Lighthouse, Azure ARC, Multi-Cloud Access, Tokens form Office Applications and traffic and Abuse of Kerberos in Entra ID.
3 Days Class
8 Hrs Per Session
8 Weeks Lab Access
40 Flags To Be Collected
> 20 Lab Exercises
1 CARTE Attempt
Video course included
Build Your Cybersecurity Credentials
Become a
Certified by Altered Security
Red Team Expert for Azure (CARTE)
A certificate holder has demonstrated expertise in running a red team operation against a highly secure enterprise-like Azure environment. They can assess security controls, analyze their efficacy and recommend mitigations against misconfigurations. Due to hands-on nature of the lab and certification, a certificate holder is ready to use the skills to enhance and improve security posture of an organization.
Course Completion Certificate
Attendees will also get a course completion certificate after completing Learning Objectives covered during the course.
Schedule
Daily 8 hours sessions start at 09:00am IST and end at 05:00pm IST.
DATE
TOPICS
05 December 2025
Introduction to Azure AD: Service Discovery, Recon, Enumeration and Initial Access Attacks
06 December 2025
Authenticated Enumeration and Privilege Escalation
07 December 2025
Lateral Movement and Persistence Techniques
Data Mining, Defenses, Monitoring & Auditing and Bypassing Defenses
Prerequisites
1. Basic understanding of Azure AD is desired but not mandatory.
2. System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
3. Privileges to disable/change any antivirus or firewall.
Syllabus
The course is split in four modules across three days:
Module I
Introduction to the Attack Methodology
Understanding APIs, Endpoints and Versions
Understanding OAuth, Microsoft Identity Platform and Authorization Flows
Deep dive into Tokens and Claims
Module II
Initial Access Attacks - Device Code Phishing, Illicit Consent Grant, Attacker In The Middle, Abusing JWT Signing, Abusing Custom Claims, Abusing GitHub Actions and Workflow Discovery and Recon
Enumeration of Azure AD (Entra ID) and Azure
Abusing MS Graph API
Module III
Privilege Escalation by abusing Family of Client IDs, Certificate Based Authentication, Attribute Based Access Control, Privileged Identity Management, Tampering with Logic Apps, Authentication Cookies, Traffic Interception and more
Lateral Movement by abusing Azure Lighthouse, Cross Tenant Access Settings, Kerberos in Entra ID, Trust between tenants, Multi-Cloud Management, Azure ARC, Token Extraction, Authentication Cookie Forging and Replay etc.
Persistence techniques
Module IV
Bypassing Defences - Advanced Conditional Access Policies, Multiple ways to bypass MFA that is enforced using different methods, Privileged Identity Management (PIM) and Microsoft Defender for Cloud.
Detecting and Stopping the attacks used in the class using Log Analysis and MS tools like Identity Protection, MFA, Conditional Access and Defender for Cloud.
Purchase Options
Purchase Includes
60 DAYS LAB ACCESS + ONE COURSE COMPLETION CERTIFICATE +
LIFE TIME ACCESS TO COURSE MATERIAL + ONE CERTIFICATION EXAM ATTEMPT
₹39,999 / $444
*
₹35,999 / $400
*
.
.
Vishal Raj
MEET THE INSTRUCTOR
Vishal Raj is a security researcher at Altered Security specializing in cloud security, red teaming, and network security. With a strong focus on identifying and exploiting misconfiguration in modern cloud environments, Vishal is passionate about enhancing enterprise security by simulating real-world attack scenarios and providing actionable defense strategies. Vishal extensively conducts research on Microsoft Entra ID, contributing to the understanding of identity and access management vulnerabilities in cloud environments.
In addition to his technical expertise, Vishal actively contributes to the cybersecurity community by writing insightful blogs on a variety of security topics. His writings aim to bridge the gap between theoretical concepts and practical application, empowering others in the field.
Terms of Service © 2025 by Altered Security Solutions Pvt Ltd. All Rights Reserved Privacy Policy Code of Conduct