Hacking Azure: From Recon to Domination

This is our 2-day beginner-intermediate Azure course

As organizations rapidly adopt Microsoft Azure, the risk of misconfigurations and security gaps grows, making cloud environments a prime target for attackers. Understanding offensive security techniques in Azure is critical for penetration testers, security professionals, and cloud engineers aiming to assess and fortify cloud security..

2 day practical class, 2025 edition

Available by Partners

Live, online available

Lab for 30 days

Intermediate

Course Overview

Is it for me?

This intensive 2-day hands-on training is designed to teach real-world attack techniques used against Azure environments. Participants will explore the entire attack chain, from reconnaissance and initial access to lateral movement, token theft, cloud-to-on-prem pivoting, and privilege escalation. The training also includes bypassing conditional access policies, abusing misconfigured identities, and leveraging automation services for persistence.

With 18+ hands-on labs, attendees will step into the attacker’s mindset, executing live exploitation scenarios while gaining expertise in offensive tooling, enumeration methods, and security bypasses. This training, led by seasoned cloud security professionals, provides an in-depth understanding of Azure hacking techniques while covering mitigation strategies to help organizations secure their cloud infrastructure effectively..

Interested?

1. Our courses are available directly from us; through our training partners or at worldwide technical conferences.

2. You can find course dates and prices on the Courses and Webinars page.
Click here for course dates, prices and content

3. Take a look below at a few of the upcoming courses for this specific training.

4. For more information including private course requests, complete the short form below.

Course Details

This course uses a Defence by Offense methodology based on real-world engagements and offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs and can be applied once the course is completed. By the end of the course, you’ll know how to:

Think and behave like an advanced, real-world threat actor.
Identify and exploit complex misconfigurations in Microsoft Azure.
Design your penetration tests around real-world attacker behaviours and tooling, making them relevant to the threats facing your organization.
Identify the attack surface exposure created by cloud-based services such as virtual machines (VMs), buckets, container as a service (CaaS) platforms, and serverless functions.

You will receive:

Access to our Hack-Lab, not just for your work during the course, you will have access for 30 days after the course too. This gives you plenty of time to practice the concepts taught during the course.

Details of the course content:

Introduction to Azure and Cloud Computing

This module introduces the core concepts of cloud computing, emphasizing the importance of security.

Introduction to the Cloud>
Importance of Cloud Security
Importance of Cloud Metadata API from an Attacker’s perspective
Introduction to the Azure

Cloud asset enumeration focusing azure environment

This module will explore DNS-based Enumeration techniques, gaining insights into identifying cloud assets through DNS records.

Importance of DNS in the Cloud
DNS-based Enumeration
Open-Source Intelligence Gathering (OSINT) techniques for Cloud Asset Enumeration
Username enumeration using Cloud provider APIs and Leaked Database

Azure storages

This module culminates with a focus on securing Azure's Shared Access Signature (SAS) URLs. Attendees will gain the knowledge and skills to secure their cloud storage effectively, avoiding common pitfalls and optimizing data protection in these cloud environments.

Introduction to Azure Storage.
Azure: Shared Access Signature (SAS) URL Misconfiguration

Attacking Microsoft azure resource manager services

The module extensively covers "Azure Resource Manager Attacks" across critical components such as App Service, Function App, Database, Automation Account, Key Vault and Logic Apps.

Azure Application Attacks on App Service, Function App and Storages
Azure Database
Automation Account.
Hybrid Automation Account Abuse.
Azure Key Vault.
Azure Logic Apps.

Attacking azure DevOps

This module provides an in-depth analysis of the security implications of Azure DevOps, focusing on potential privilege escalation scenarios within a DevOps environment. Participants will also learn how to enumerate other key DevOps services, such as Azure Repos and Azure Container Registry, which are closely integrated with Azure DevOps for daily operations.

Introduction to Azure DevOps.
Understanding Azure DevOps Service Connection and potential abuse.
Exploiting Azure repository and Azure container registry for sensitive information.

Azure ARC service

This module provides an in-depth analysis of the security implications of Azure Arc, focusing on potential privilege escalation scenarios in a hybrid cloud environment.Participants will learn how Azure Arc integrates with on-premises and multi-cloud environments, enabling the management of resources across different infrastructures.

Abusing Entra ID misconfigurations

This module provides an in-depth analysis of Microsoft Entra ID, focusing on its authentication methods, security risks, and attack scenarios in cloud environments.

Introduction to Microsoft Entra ID authentication methods and associated risks.
Attacking Microsoft Entra ID, focusing on Managed User Identities.
Bypassing MFA security and evading Conditional Access Policies.
Exploiting Dynamic Membership Policies for privilege escalation.
Leveraging Azure Identity Protection to detect and respond to threats.
Using Refresh Tokens to Maintain Persistent Access to Office 365 and SharePoint Drive.

Backdooring azure environments: persistence techniques

This module explores techniques attackers use to backdoor Azure environments, ensuring persistent access while remaining unnoticed. Participants will learn how to manipulate Azure configurations, exploit identity and access management (IAM) flaws, and abuse legitimate services to maintain unauthorized access. The session also covers defensive measures to detect and mitigate such threats.

Azure ad identity protection

This module provides an in-depth understanding of Azure AD Identity Protection, focusing on its security mechanisms, risk detection, and potential attack vectors. Participants will learn how Microsoft Entra ID analyzes sign-in behavior, detects threats, and enforces security policies.

Enquire about your training

We provide training directly (live, online or in person) and also work with a range of training partners in different locations around the globe for classroom or live, online training. Please contact us with details of your requirement and we will recommend the best route to access our amazing training.

Prerequisites

Who should take this class?

Penetration testers and red teamers
CSIRT/SOC analysts and engineers/blue teams
Developers
Security/IT managers and team leads

What you will learn:

This course is suitable for anyone with a stake or interest in Azure cloud security, from technical practitioners to decision-makers. The syllabus is designed to cover Azure cloud misconfigurations and advanced hacking techniques while equipping participants with the skills to conduct penetration tests on cloud environments and identify security gaps effectively.

Additionally, this course provides a practical, hands-on approach to cloud penetration testing, allowing participants to apply the acquired skills directly in their day-to-day pen-testing activities. By following a structured pen-testing methodology, attendees will gain real-world experience in assessing, exploiting, and understanding Azure security risks.

Think and behave like a sophisticated attacker targeting LLM-based systems

Understand how attackers discover and exploit prompt injections, insecure output handling, data poisoning, and other vulnerabilities in AI workflows

Identify and exploit security weaknesses specific to LLM integrations

Practice detecting and attacking common pitfalls (e.g., plugin misconfiguration, overreliance, and supply chain exposures) in real-world lab environments

Implement effective prompt engineering and defensive measures

Learn to craft prompts that minimize leakage, prevent injection, and ensure your LLM responds reliably within controlled security parameters

Design LLM applications with minimal attack surface

Explore best practices for restricting AI agent functionality (excessive agency), hardening plugin interfaces, and securing AI-driven workflows

Apply forward-thinking strategies to protect training and inference data

Develop robust security controls in real-world deployments

Translate lab exercises into practical solutions by integrating logging, monitoring, and guardrails for continuous protection of LLM-based services

Upcoming Courses

Click here for more courses

Course Information

You can download a copy of the course information below.

In addition you will also be provided with a student pack, handouts and cheat-sheets if appropriate.

Download the course information

Your Training Roadmap

Offensive Classes

Hacking training for all levels: new to advanced. Ideal for those preparing for certifications such as CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST as well as infrastructure / web application penetration testers wishing to add to their existing skill set.

Defensive Classes

Giving you the skills needed to get ahead and secure your business by design. We specialise in application security (both secure coding and building security testing into your software development lifecycle) and cloud security. Build security capability into your teams enabling you to move fast and stay secure.