Hacking Azure

Virtual Learning:1,990€ + IVA

Duração icon

Duração:

2 dias

Próxima Data icon

Próxima Data:

2 a 3 Feb 2026

Local icon

Local:

Online

Descrição

This intensive 2-day hands-on training is designed to teach real-world attack techniques used against Azure environments. Participants will explore the entire attack chain, from reconnaissance and initial access to lateral movement, token theft, cloud-to-on-prem pivoting, and privilege escalation. The training also includes bypassing conditional access policies, abusing misconfigured identities, and leveraging automation services for persistence.

With 18+ hands-on labs, attendees will step into the attacker’s mindset, executing live exploitation scenarios while gaining expertise in offensive tooling, enumeration methods, and security bypasses. This training, led by seasoned cloud security professionals, provides an in-depth understanding of Azure hacking techniques while covering mitigation strategies to help organizations secure their cloud infrastructure effectively..

*PVP por participante. A realização do curso nas datas apresentadas está sujeita a um quórum mínimo de inscrições.

Destinatários

  • Cloud administrators and architects
  • Penetration testers and red teamers
  • CSIRT/SOC analysts and engineers/blue teams
  • Developers
  • Security/IT managers and team leads

  • Área: Cybersecurity

Inscrição

Programa:

INTRODUCTION TO AZURE AND CLOUD COMPUTING

  • Introduction to the Cloud
  • Importance of Cloud Security
  • Importance of Cloud Metadata API from an Attacker’s perspective
  • Introduction to the Azure

CLOUD ASSET ENUMERATION FOCUSING AZURE ENVIRONMENT

  • Importance of DNS in the Cloud
  • DNS-based Enumeration
  • Open-Source Intelligence Gathering (OSINT) techniques for Cloud Asset Enumeration
  • Username enumeration using Cloud provider APIs and Leaked Database

AZURE STORAGES

  • Introduction to Azure Storage
  • Azure: Shared Access Signature (SAS) URL Misconfiguration

ATTACKING MICROSOFT AZURE RESORUCE MANAGER SERVICES

  • Azure Application Attacks on App Service, Function App and Storages
  • Azure Database
  • Automation Account
  • Hybrid Automation Account Abuse
  • Azure Key Vault
  • Azure Logic Apps

ATTACKING AZURE DEVOPS

  • Introduction to Azure DevOps
  • Understanding Azure DevOps Service Connection and potential abuse.
  • Exploiting Azure repository and Azure container registry for sensitive information.

AZURE ARC SERVICE

ABUSING ENTRA ID MISCONFIGURATIO NS

  • Introduction to Microsoft Entra ID authentication methods and associated risks
  • Attacking Microsoft Entra ID, focusing on Managed User Identities
  • Bypassing MFA security and evading Conditional Access Policies
  • Exploiting Dynamic Membership Policies for privilege escalation
  • Leveraging Azure Identity Protection to detect and respond to threats
  • Using Refresh Tokens to Maintain Persistent Access to Office 365 and SharePoint Drive

BACKDOORING AZURE ENVIRONMENTS: PERSISTENCE TECHNIQUES

AZURE AD IDENTITY PROTECTION

Pré-requisitos:

Delegates must have the following to make the most of the course:

  • Basic to intermediate knowledge of cybersecurity (1.5+ years’ experience)
  • Experience with common command line syntax of Azure Cloud CLI

Inscrição

Livro de Reclamações DGERT Certificação

Powered by IGNIT

A Claranet Portugal Company