Attacking and Defending Azure AD Cloud: Beginner's Edition [May 2023]
Upgrade to one of the most coveted Cloud skills – Azure Active Directory (AD) Security. Train in Azure pentesting, Red Teaming and defense in multiple live Azure tenants and hybrid infrastructure. Earn the Certified Azure Red Team Professional (CARTP) certification.
Starts: 13th May 2023 Duration: 4 weeks
Recordings of live sessions included!
What You Will Learn
This 4-week beginner-friendly bootcamp is designed for security professionals looking to upskill in Azure Active Directory (AD) Cloud security, Azure Pentesting and Red Teaming the Azure Cloud. It covers all phases of Azure Red Teaming and pentesting – Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data Mining. The bootcamp will focus on methodology and techniques, through instructor demos, exercises and hands-on labs.
The instrcutor-led classes, hands-on labs and group learning will prepare you for the certification exam – becoming a Certified Azure Red Team Professional (CARTP) demonstrates your skills and a strong understanding of the Azure and Azure Active Directory environment.
4 Live Sessions
3 Hrs Per Session
4 Weeks Access
40 Flags To Be Collected
> 20 Lab Exercises
1 CARTP Attempt
Recordings Of Live Sessions
Build Your Cybersecurity Credentials
Become a Certified Azure Red Team Professional (CARTP)
With this certification, you’re adding to your CV one of the most coveted Cloud skills – Azure Active Directory (AD) Security. Become a CARTP to - You need to clear a 24 hours live exam containing multiple Azure resources and tenants to earn the certification. A Certified Azure Red Team Professional (CARTP) holder demonstrates the skills to understand and assess security of an Azure environment.
Bootcamp Completion Certificate
Attendees will also get a course completion certificate after completing Learning Objectives covered during the course.
Live Session Schedule
Weekly 3.5 hr sessions start at 10:00am ET and end at 1:30pm ET.
Date | Live Sessions |
|---|---|
13th May 2023 | Introduction to Azure AD: Service Discovery, Recon, Enumeration and Initial Access Attacks |
20th May 2023 | Authenticated Enumeration and Privilege Escalation |
27th May 2023 | Lateral Movement and Persistence Techniques |
3rd June 2023 | Data Mining, Defenses, Monitoring & Auditing and Bypassing Defenses |
Prerequisites
1. Basic understanding of Azure AD is desired but not mandatory.
2. System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
3. Privileges to disable/change any antivirus or firewall.
Bootcamp Syllabus
The course is split in four modules across four weeks:
Module I:
Introduction to Azure AD
Discovery and Recon of services and applications
Enumeration
Initial Access Attacks (Enterprise Apps, App Services, Logical Apps, Function Apps, Unsecured Storage, Phishing, Consent Grant Attacks)
Module II:
Authenticated Enumeration (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates, etc)
Privilege Escalation (RBAC roles, Azure AD Roles, Across subscriptions)
Module III:
Lateral Movement
(Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud)
Persistence techniques
Module IV:
Data Mining
Defenses, Monitoring and Auditing (CAP, PIM, PAM, Security Center, JIT, Risk policies, MFA, MTPs, Azure Sentinel)
Bypassing Defenses
Collect your course completion certificate, and schedule your Certified Az Red Team Professional [CARTP] exam.
Nikhil Mittal
MEET THE INSTRUCTOR
Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.
He specializes in assessing security risks at secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Azure AD, Active Directory attacks, defense and bypassing detection mechanisms.
Nikhil has trained more than 10000 security professionals in private trainings and at the world’s top information security conferences.
He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.
He is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/