Attacking and Defending Azure AD Cloud: Beginner's Edition

Upgrade to one of the most coveted Cloud skills – Azure Active Directory (AD) Security. Train in Azure pentesting, Red Teaming and defense in multiple live Azure tenants and hybrid infrastructure.
Write your awesome label here.
Starts: 22 May 2021  Duration: 4 weeks
Recordings of live sessions included!

What's included?

  • Become a Certified Az Red Team Professional (CARTP)

Learn to abuse Azure AD and a number of services offered by it and cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants. Included is one attempt at the CARTP exam.
  • Bootcamp Completion Certificate

Get a course completion certificate after attending all 4 live sessions.
  • 4 live sessions

  • 3 hrs per session

  • 4 weeks access

  • 40 flags to be collected

  • > 20 lab exercises

  • 1 CARTP attempt

  • Recordings of Live Sessions

What will you learn?

This 4-week beginner-friendly bootcamp is designed for security professionals looking to upskill in Azure Active Directory (AD) Cloud security, Azure Pentesting and Red Teaming the Azure Cloud. It covers all phases of Azure Red Teaming and pentesting – Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data Mining. The bootcamp will focus on methodology and techniques, through instructor demos, exercises and hands-on labs.

The live sessions, assignments and labs will prepare you for the certification exam – becoming a Certified Az Red Team Professional (CARTP) will strengthen your CV for jobs requiring a strong understanding of the Azure Active Directory (AD) environment.

CARTP Certification

With this certification, you’re adding to your CV one of the most coveted Cloud skills – Azure Active Directory (AD) Security. The exam is challenging – but that’s the challenge you accept when you’re taking on a certification that tests Azure pentesting, Red Teaming and defense in multiple live Azure tenants and hybrid infrastructure.

Live Session Schedule

Weekly 3 hr sessions start at 12:00pm ET and end at 3:00pm ET.
22 May 2021

29 May 2021
05 June 2021
12 June 2021
Introduction to Azure AD: Service Discovery, Recon, Enumeration and Initial Access Attacks
Authenticated Enumeration and Privilege Escalation
Lateral Movement and Persistence Techniques
Data Mining, Defenses, Monitoring & Auditing and Bypassing Defenses

Prerequisites

1. Basic understanding of Azure AD is desired but not mandatory.
2. System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
3. Privileges to disable/change any antivirus or firewall.

Bootcamp Syllabus

The course is split in four modules across four weeks:

Module I:

  • Introduction to Azure AD
  • Discovery and Recon of services and applications
  • Enumeration
  • Initial Access Attacks (Enterprise Apps, App Services, Logical Apps, Function Apps, Unsecured Storage, Phishing, Consent Grant Attacks)

Module II:

  • Authenticated Enumeration (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates, etc) 
  • Privilege Escalation (RBAC roles, Azure AD Roles, Across subscriptions)

Module III:

  • Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud)
  • Persistence techniques

Module IV:

  • Data Mining
  • Defenses, Monitoring and Auditing (CAP, PIM, PAM, Security Center, JIT, Risk policies, MFA, MTPs, Azure Sentinel)
  • Bypassing Defenses
  • Collect your course completion certificate, and schedule your Certified Az Red Team Professional [CARTP] exam.
Meet the instructor

Nikhil Mittal

Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes red teaming, active directory security, attack research, defense strategies and post exploitation research. He has 12+ years of experience in red teaming.

He specializes in assessing security risks at secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Active Directory, Azure AD attacks, defense and bypassing detection mechanisms and Offensive PowerShell for red teaming. He is creator of multiple tools like Nishang, a post exploitation framework in PowerShell, Deploy-Deception a framework for deploying Active Directory deception and RACE toolkit for attacking Windows ACLs. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks.

Nikhil has held trainings and bootcamps for various corporate clients (in US, Europe and SE Asia), and at the world’s top information security conferences. He has spoken/trained at conferences like DEFCON, BlackHat, BruCON and more.

He blogs at https://www.labofapenetrationtester.com/
Nikhil Mittal - Principal Instructor

Can't attend this bootcamp? Get informed about future bootcamps!

Thank you!
Thank you!