top of page
attacking and defending

Attacking and Defending Azure Cloud: Advanced Edition [February 2025]

Take your Azure Red Team skills to the next level. Get trained in Azure pentesting, Red Teaming and Defense against an enterprise-like live Azure environment with focus on OPSEC and bypassing defenses. Earn the Certified Azure Red Team Expert (CARTE) certification.

Starts: 1st February 2025  Duration: 4 weeks
Recordings of live sessions included!

CARTE Certificate

What You Will Learn

This advanced bootcamp is designed to help security professionals in understand, analyze and practice attacks in an enterprise-like live Azure environment that has effective security controls in place. 
You will be able to practice and sharpen popular tactics, techniques and procedures (TTPs) for Azure environments. In addition, you will learn how to bypass security controls like Advanced Conditional Access Policies, Multiple ways to bypass MFA that is enforced using different methods, Privileged Identity Management (PIM) and Microsoft Defender for Cloud. 
The class also focuses on abuse of JWT signing, Family of Client IDs (FOCI), Attribute Based Access Control (ABAC), Temporary Access Password (TAP), Custom Claims, Cross Tenant Access, Azure Lighthouse, Azure ARC, Multi-Cloud Access, Tokens form Office Applications and traffic and Abuse of Kerberos in Entra ID.

CARTE Phases

​4 Live Sessions
4 Hrs Per Session
4 Weeks Access
40 Flags To Be Collected
> 20 Lab Exercises
1 CARTE Attempt
Recordings Of Live Sessions

Cracked Concrete Wall

Build Your Cybersecurity Credentials

Become a Certified Azure Red Team Expert (CARTE)

A certificate holder has demonstrated expertise in running a red team operation against a highly secure enterprise-like Azure environment. They can assess security controls, analyze their efficacy and recommend mitigations against misconfigurations. Due to hands-on nature of the lab and certification, a certificate holder is ready to use the skills to enhance and improve security posture of an organization.

Bootcamp Completion Certificate

Attendees will also get a course completion certificate after completing Learning Objectives covered during the course.

CARTE.png

Live Session Schedule

Weekly 4 hours sessions start at 09:00am ET and end at 01:00pm ET. 

DATE
LIVE SESSIONS
01 February 2025
Introduction to Azure AD: Service Discovery, Recon, Enumeration and Initial Access Attacks
08 February 2025
Authenticated Enumeration and Privilege Escalation
15 February 2025
Lateral Movement and Persistence Techniques
22 February 2025
Data Mining, Defenses, Monitoring & Auditing and Bypassing Defenses
Cracked Concrete Wall

Prerequisites

1. Basic understanding of Azure AD is desired but not mandatory.
2. System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
3. Privileges to disable/change any antivirus or firewall.

Bootcamp Syllabus

The course is split in four modules across four weeks:

Image by Gabriella Clare Marino

Module I

Introduction to the Attack Methodology

Understanding APIs, Endpoints and Versions

Understanding OAuth, Microsoft Identity Platform and Authorization Flows

Deep dive into Tokens and Claims

Image by Gabriella Clare Marino

Module II

Initial Access Attacks - Device Code Phishing, Illicit Consent Grant, Attacker In The Middle, Abusing JWT Signing, Abusing Custom Claims, Abusing GitHub Actions and Workflow Discovery and Recon

Enumeration of Azure AD (Entra ID) and Azure

Abusing MS Graph API

Image by Gabriella Clare Marino

Module III

Privilege Escalation by abusing Family of Client IDs, Certificate Based Authentication, Attribute Based Access Control, Privileged Identity Management, Tampering with Logic Apps, Authentication Cookies, Traffic Interception and more

Lateral Movement by abusing Azure Lighthouse, Cross Tenant Access Settings, Kerberos in Entra ID, Trust between tenants, Multi-Cloud Management, Azure ARC, Token Extraction, Authentication Cookie Forging and Replay etc.


Persistence techniques

Image by Gabriella Clare Marino

Module IV

Bypassing Defences - Advanced Conditional Access Policies, Multiple ways to bypass MFA that is enforced using different methods, Privileged Identity Management (PIM) and Microsoft Defender for Cloud.
Detecting and Stopping the attacks used in the class using Log Analysis and MS tools like Identity Protection, MFA, Conditional Access and Defender for Cloud.

Bootcamp Syllabus
Image by Stepan Sargsyan
Anchor 1

Purchase Options

BLACK FRIDAY DEALS

- Flat 20% OFF on All Courses and Bootcamps in Q1 & Q2 2025
- 25% OFF when you purchase more than one course
- No coupon code required
- Offer Valid From 25th October To 3rd December 2024

Bootcamp

​30 DAYS LAB ACCESS
+
BOOTCAMP
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
​ONE CERTIFICATION EXAM ATTEMPT

$549

Extension

30 DAYS
LAB EXTENSION
+
ONE COMPLEMENTARY EXAM ATTEMPT

$399

Bootcamp

​60 DAYS LAB ACCESS
+
BOOTCAMP
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
​ONE CERTIFICATION EXAM ATTEMPT

$749

Bootcamp

​90 DAYS LAB ACCESS
+
BOOTCAMP
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
​ONE CERTIFICATION EXAM ATTEMPT

$949

Exam Reattempt is only for existing or past students of this course who have already purchased this course in the past.

Reattempt


EXAM
REATTEMPT


 

$99

Keanu Nys

MEET THE INSTRUCTOR

Keanu Nys profile.jpeg

Keanu is an information security researcher from Belgium with several years of hands-on experience performing penetration tests and red team assessments for organizations, and currently leads an offensive security team. While he has a passion for all offensive cybersecurity topics, he mostly specializes in Active Directory, Azure AD and Social Engineering.

 

​He has presented at security conferences such as BruCon, and is the author of the Microsoft 365 and Entra attacking toolkit GraphSpy

Can't attend this bootcamp?
Get informed about future bootcamps!

Thanks for subscribing!

bottom of page