
Cloud Red Team Tactics for Azure – Beginner Edition
This training is also available as Cloud Red Team Tactics for Attacking & Defending Azure: Beginner's Edition as a bootcamp and on-demand class
Overview & Course Content
More than 95 percent of Fortune 500 companies use Azure and Entra ID. This makes it imperative to understand the risks associated with Azure, as it contains an enterprise's infrastructure, apps, AI agents, identities and a lot more.
In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications and infrastructure to Azure brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security challenge.
This hands-on training focuses on abusing features in Azure and several other services offered by it. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.
All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also discuss detecting and monitoring for the techniques we use.
The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more on methodology and techniques than tools.
If you are a security professional trying to improve your skills in Azure cloud security, Azure pentesting or red teaming the Azure cloud, this is the right class for you!
- Discovery and Recon of cloud services
- Introduction and Methodology of the course
- Getting Started with the lab
- Introduction to Azure and Entra ID
- Services
- Concepts
- Comparison with on-prem
- Authentication, APIs and tokens
- Discovery and Recon of services and applications (45 minutes)
- Enumeration in Azure
- Using Azure Portal, Az PowerShell and Az CLI
- Open source tools for enumeration (ROADTools, AzureHound)
- Initial Access Attacks
- By abusing Enterprise Apps, App Services, Function Apps and Insecure Storage
- Execute Phishing against MFA
- Consent Grant Attacks
- Authenticated Enumeration (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates etc.)
- Privilege Escalation (RBAC roles, Azure AD Roles, Automation Accounts, Group Ownership, Enterprise Apps, Managed Identity)
- Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud, Hybrid Identity, Continuous Deployment)
- Persistence techniques (Enterprise Apps, Hybrid Identity, Dynamic Groups, VMs, NSGs, DevOps)
- Data Mining using IAM, AI Agents, Deployment History, Code Repositories and storage accounts
- Defenses, Monitoring and Auditing and Bypassing Defenses
- Azure Security categorization
- Microsoft Defender for Cloud
- Privileged Identity Management
- Conditional Access
- Just-in-Time Access
- Identity Protection
- Monitoring using Azure Monitor
- Continuous Access Evaluation
- Bypassing Defenses like CAP, MFA, Defender for Cloud and Entra ID Protection.
Attendees will get two months' access to a live Azure lab environment containing multiple tenants, during and after the class, and an attempt at the Certified by Altered Security Red Team Professional for Azure (CARTP) certification exam.
Who should take this course?
Red teamers and penetration testers who want to improve their Azure attack skills should take this class. Blue teamers, Azure administrators and security professionals who want to understand the approach and techniques of adversaries should take this class.
What's Included
- Access to a lab environment (One/Two/Three months) with a live Azure environment. The lab can be accessed using a web browser or VPN.
- A ready-to-use student VM in the cloud that has all the tools pre-installed.
- Lifetime access to all the learning material (including course updates).
- 15+ hours of video course with English captions.
- Course slides.
- Lab manual.
- Kill chain and Threat Matrix diagrams.
- Walk-through videos.
- One exam attempt for Certified by Altered Security Red Team Professional for Azure (CARTP) certification.
- Support on email and Discord.
What will you Learn?
This course helps in upskilling in one of the most coveted skills in information security – Azure Red Team. Drawing from our experience of more than a decade of teaching at hacker conferences, this hands-on course helps students improve their Azure security skills. The course lab is designed in a way that students can solve it in multiple ways! The lab also includes a CTF for those students who would like more of a challenge.
- The course lab runs on a live Azure environment. Therefore, whatever you learn in the lab is immediately applicable to your job.
- Practice attacks on Azure in a unique live lab environment that has multiple Azure tenants and a large number of different resources including hybrid identity and on-prem infrastructure.
- There are 4 independent ‘Kill Chains’ and 1 CTF included in the lab environment! Students can play for hours and solve the lab with different approaches.
- The lab has user simulations for practicing Illicit Consent Grant and other phishing attacks.
- The focus of the course and lab is abuse of features. This means that whatever you learn in the course will have a very long shelf life.
- Understand Azure security concepts and apply them in a unique lab environment.
- Understand the defenses available to counter the discussed attacks and analyze the footprints of the attackers!
Prerequisites for the course
- Basic understanding of Azure and Entra ID is desired but not mandatory.
- Basic understanding of Cloud Security is desired but not mandatory.
Top 3 takeaways
1. The course helps students learn and understand attacks against an organization that is using Azure by executing a full 'kill chain'/attack lifecycle.
2. Students get to practice attacks on Azure in a live lab environment that has multiple Azure tenants and many different resources including AI agents, hybrid identity and on-prem infrastructure. We really have invested a lot in making these labs fun, stable and compliant with Microsoft directives. The lab is an Azure cloud playground and students can solve it in multiple ways.
3. Students can understand the defenses available to counter the attacks discussed and analyze the footprints of the attackers!
About the Trainer

Nikhil is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com. As a global leader in cybersecurity education, he has nurtured the field, helping bring it from niche groups to the mainstream.
Nikhil’s areas of interest include red teaming, Azure and Active Directory security, attack research, defense strategies and post-exploitation research. He has 15+ years of experience in red teaming.
He specializes in assessing security risks in secure environments that require novel attack vectors and an "out of the box" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences.
He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.




