Azure Pentesting Foundations
Azure Pentesting Foundations training includes identifying potential vulnerabilities in Azure cloud infrastructure, assessing them to determine the overall impact they can have on an organization and recommending appropriate mitigation strategies.
Learn Azure pentesting foundations training on the Microsoft Azure platform and understand how hackers can attack resources hosted in the Azure cloud; you’ll find out how to protect the Corporate environment by identifying vulnerabilities and extending pentesting tools and capabilities. Azure Pentesting foundations training starts by building the prerequisites for attacking the Azure cloud, and we will explore how to build an organization for understanding the operations. You’ll then simulate attacks on Azure assets such as web applications and virtual machines from anonymous and authenticated perspectives. Further, you’ll learn about the testing for privilege escalation in Azure tenants and paths in which an attacker can create persistence in a cloud-centric environment.
Azure pentesting foundations training follows a holistic approach to identify exposed credentials, extra privileges, and cloud misconfigurations in your Azure AD integration. These vulnerabilities can compromise Azure infrastructure and enable attackers to expose sensitive data, take over Azure resources, or pivot to attack your internal network.
By the end of Azure pentesting foundations training, you’ll be able to leverage your pentesting skills to detect and implement different tools and techniques to perform successful penetration tests on Azure cloud infrastructure.
syllabus
syllabus
module 1 : understaing AZure cloud internals
- Azure vs On-prem environment
- Azure common access regions
- Azure Organization structure
- Azure Tenant and Azure AD
- Root Management Group
- Subscriptions
- Resource Groups
- Azure cloud services overview
- Azure Resource Manager and Managed Identity
- Azure RBAC, Azure AD and ABAC roles
- Azure Pentesting tools and techniques
- Implementing an organization in Azure for pentesting
module 2 : Mapping the azure environments for pentesting
- Enumerating the organization for initial access overview
- Common public-facing services insecurities
- OSINT Primer for azure pentesting
module 3 : Campaigning on microsoft services
- Configuring Evilgnixv2 server
- Bypass MFA with Evilgnizv2 server
- Office 365 stealer
- Phishing with Macros and offensive VBA
module 4 : Recon and discovery of azure infrastructure
- Azure tenant identification and mapping
- Recon Emails
- Recon Common azure service in use
- Enumerating users, groups, VMs, vaults, applications and devices
- Enumerating user role and permissions mappings
- Automating the Azure enumeration
- Azure authentication and API tokens primer
- Identifying configurational vulnerabilities
- Identifying web vulnerabilities on Azure cloud
module 5 : Azure cloud services pentesting
- Azure App services and functional apps insights
- Exploiting the public facing web resources
- Azure Storage issues and exploitation
- Attacking dynamic groups and different contributor roles
- Attacking azure DevOps infrastructure
- Attacking key vaults and ARM templets
- Exploiting tokens and Pass the PRT attack
- Attacking on Hybrid environments
- Lateral movement with azure cloud
- Peristance and backdooring the Azure AD tenant
module 5 : Defending azure infrastructure
- Managing Azure Active Directory identities
- Configuring secure access by using Azure AD
- Managing azure identity and access control policies
- Microsoft Defender for cloud operations
- Implementing advanced network security
- Configuring advanced security for compute operations
- Configuring security for storage
- Configuring security for databases
- Configuring and managing Key Vaults
- Monitoring security by using Azure Monitor
- Monitoring security by using Azure Security Center
- Monitoring security by using Azure Sentinel
who should attend this training?
This training is a core foundation training. Anyone who has basic Pentesting knowledge can join this training
why should i take this training?
Cloud pentesting foundations training will build a solid base in pentesting azure cloud and on prem-Ad mixed organizations. The Course contains all insights about misconfigured implementations, attacking them and providing a robust security solution to a vendor. Overall this course will give broader exposure to everyone who is interesting in attacking and defending the azure cloud infrastructures.
prerequisite of the training ?
The person should familiar with basic Cloud operations
what is the total duration of the training ?
Active directory pentesting and security is an Instructor-led online training.
The total duration of the training is 20 hours.
aZURE PENTESTING
FOUNDATIONS INQUIRY
Whats Next ?
Checkout the advanced training modules with below link.
Our clients
Testimonials
This is the best place of learning for those seeking TRUE learning in cyber security…..there are many many institutes but amount of practical knowledge matters that one can have here….and also very friendly and professional faculty.
We're Here To Help!
Office
3500 , 1st Floor , Raja Park , New Delhi -110034
Hours
M-S: 10am - 11pm