Attacking and Defending Azure Cloud: Advanced Edition [February 2025]
Take your Azure Red Team skills to the next level. Get trained in Azure pentesting, Red Teaming and Defense against an enterprise-like live Azure environment with focus on OPSEC and bypassing defenses. Earn the Certified Azure Red Team Expert (CARTE) certification.
Starts: 1st February 2025
Duration: 4 weeks
Recordings of live sessions included!
What You Will Learn
This advanced bootcamp is designed to help security professionals understand, analyze and practice attacks in an enterprise-like live Azure environment that has effective security controls in place.
You will be able to practice and sharpen popular tactics, techniques and procedures (TTPs) for Azure environments. In addition, you will learn how to bypass security controls like Advanced Conditional Access Policies, MFA that is enforced using different methods (with multiple ways to bypass it), Privileged Identity Management (PIM) and Microsoft Defender for Cloud.
The class also focuses on abuse of JWT signing, Family of Client IDs (FOCI), Attribute Based Access Control (ABAC), Temporary Access Password (TAP), Custom Claims, Cross Tenant Access, Azure Lighthouse, Azure ARC, Multi-Cloud Access, Tokens from Office Applications and traffic and Abuse of Kerberos in Entra ID.
4 Live Sessions
4 Hrs Per Session
4 Weeks Access
40 Flags To Be Collected
> 20 Lab Exercises
1 CARTE Attempt
Recordings Of Live Sessions
Build Your Cybersecurity Credentials
Become a Certified Azure Red Team Expert (CARTE)
A certificate holder has demonstrated expertise in running a red team operation against a highly secure enterprise-like Azure environment. They can assess security controls, analyze their efficacy and recommend mitigations against misconfigurations. Due to the hands-on nature of the lab and certification, a certificate holder is ready to use the skills to enhance and improve the security posture of an organization.
Bootcamp Completion Certificate
Attendees will also get a course completion certificate after completing the Learning Objectives covered during the course.
Live Session Schedule
Weekly 4-hour sessions start at 09:00 am ET and end at 01:00 pm ET.

| DATE | LIVE SESSIONS |
| --- | --- |
| 01 February 2025 | Introduction to Azure AD: Service Discovery, Recon, Enumeration and Initial Access Attacks |
| 08 February 2025 | Authenticated Enumeration and Privilege Escalation |
| 15 February 2025 | Lateral Movement and Persistence Techniques |
| 22 February 2025 | Data Mining, Defenses, Monitoring & Auditing and Bypassing Defenses |

Prerequisites
1. Basic understanding of Azure AD is desired but not mandatory.
2. System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
3. Privileges to disable/change any antivirus or firewall.
Bootcamp Syllabus
The course is split into four modules across four weeks:
Module I
Introduction to the Attack Methodology
Understanding APIs, Endpoints and Versions
Understanding OAuth, Microsoft Identity Platform and Authorization Flows
Deep dive into Tokens and Claims
Module II
Initial Access Attacks - Device Code Phishing, Illicit Consent Grant, Attacker In The Middle, Abusing JWT Signing, Abusing Custom Claims, Abusing GitHub Actions and Workflow Discovery and Recon
Enumeration of Azure AD (Entra ID) and Azure
Abusing MS Graph API
Module III
Privilege Escalation by abusing Family of Client IDs, Certificate Based Authentication, Attribute Based Access Control, Privileged Identity Management, Tampering with Logic Apps, Authentication Cookies, Traffic Interception and more
Lateral Movement by abusing Azure Lighthouse, Cross Tenant Access Settings, Kerberos in Entra ID, Trust between tenants, Multi-Cloud Management, Azure ARC, Token Extraction, Authentication Cookie Forging and Replay etc.
Persistence techniques
Module IV
Bypassing Defences - Advanced Conditional Access Policies, multiple ways to bypass MFA that is enforced using different methods, Privileged Identity Management (PIM) and Microsoft Defender for Cloud.
Detecting and Stopping the attacks used in the class using Log Analysis and MS tools like Identity Protection, MFA, Conditional Access and Defender for Cloud.
Purchase Options
BLACK FRIDAY DEALS
- Flat 20% OFF on All Courses and Bootcamps in Q1 & Q2 2025
- 25% OFF when you purchase more than one course
- No coupon code required
- Offer Valid From 25th October To 2nd December 2024
Bootcamp: 30 DAYS LAB ACCESS + BOOTCAMP + LIFETIME ACCESS TO COURSE MATERIAL + ONE CERTIFICATION EXAM ATTEMPT
$549 $439
Extension: 30 DAYS LAB EXTENSION + ONE COMPLIMENTARY EXAM ATTEMPT
$399 $319
Bootcamp: 60 DAYS LAB ACCESS + BOOTCAMP + LIFETIME ACCESS TO COURSE MATERIAL + ONE CERTIFICATION EXAM ATTEMPT
$749 $599
Bootcamp: 90 DAYS LAB ACCESS + BOOTCAMP + LIFETIME ACCESS TO COURSE MATERIAL + ONE CERTIFICATION EXAM ATTEMPT
$949 $759
Exam Reattempt is only for existing or past students of this course who have already purchased this course in the past.
Reattempt: EXAM REATTEMPT
$99
MEET THE INSTRUCTOR
Keanu Nys
Keanu is an information security researcher from Belgium with several years of hands-on experience performing penetration tests and red team assessments for organizations, and currently leads an offensive security team. While he has a passion for all offensive cybersecurity topics, he mostly specializes in Active Directory, Azure AD and Social Engineering.
He has presented at security conferences such as BruCon, and is the author of GraphSpy, the Microsoft 365 and Entra attack toolkit.