Contact US : +919999508202 [email protected]

azure pentesting foundations

Azure Pentesting Foundations training includes identifying potential vulnerabilities in Azure cloud infrastructure, assessing them to determine the overall impact they can have on an organization and recommending appropriate mitigation strategies.
Learn Azure pentesting foundations training on the Microsoft Azure platform and understand how hackers can attack resources hosted in the Azure cloud; you’ll find out how to protect the Corporate environment by identifying vulnerabilities and extending pentesting tools and capabilities. Azure Pentesting foundations training starts by building the prerequisites for attacking the Azure cloud, and we will explore how to build an organization for understanding the operations. You’ll then simulate attacks on Azure assets such as web applications and virtual machines from anonymous and authenticated perspectives. Further, you’ll learn about the testing for privilege escalation in Azure tenants and paths in which an attacker can create persistence in a cloud-centric environment.
Azure pentesting foundations training follows a holistic approach to identify exposed credentials, extra privileges, and cloud misconfigurations in your Azure AD integration. These vulnerabilities can compromise Azure infrastructure and enable attackers to expose sensitive data, take over Azure resources, or pivot to attack your internal network.
By the end of Azure pentesting foundations training, you’ll be able to leverage your pentesting skills to detect and implement different tools and techniques to perform successful penetration tests on Azure cloud infrastructure.

Azure pentesting

detailed syllabus

UNDERSTAING AZURE CLOUD INTERNALS

  • Azure vs On-prem environment
  • Azure common access regions
  • Azure Organization structure
    • Azure Tenant and Azure AD
    • Root Management Group
    • Subscriptions
    • Resource Groups

azure cloud services primer

  • Azure cloud services overview
  • Azure Resource Manager and Managed Identity
  • Azure RBAC, Azure AD and ABAC  roles
  • Azure Pentesting tools and techniques
  • Implementing an organization in Azure for pentesting
  • understanding and implementing vulnerabilities in lab environment

enumeration and spear phishing

  • Enumerating the organization for initial access overview
  • Common public-facing services insecurities
  • OSINT Primer for azure pentesting
  • Configuring EvilgnixV2 server
  • Bypass MFA with EvilgnixV2 server
  • Office 365 stealer
  • Phishing with Macros and offensive VBA

recon and discovery of azur assets

  • Azure tenant identification and mapping
  • Recon Emails
  • Recon Common azure service in use
  • Enumerating users, groups, VMs, vaults, applications and devices
  • Enumerating user role and permissions mappings
  • Automating the Azure enumeration
  • Azure authentication and API tokens primer
  • Identifying configurational vulnerabilities
  • Identifying web vulnerabilities on Azure cloud

attacking azure services

  • Azure App services and functional apps insights
  • Exploiting the public facing web resources 
  • Azure Storage issues and exploitation
  • Attacking dynamic groups and different contributor roles
  • Attacking azure DevOps infrastructure 
  • Attacking key vaults and ARM templets
  • Exploiting tokens and Pass the PRT attack
  • Attacking on Hybrid environments 
  • Lateral movement with azure cloud 
  • Persistance and backdooring the Azure AD tenant
  • Owing the entire infrastructure

azure infrastrucure defenses

  • Configuring secure access by using Azure AD
  • Managing azure identity and access control policies
  • Microsoft Defender for cloud operations
  • Implementing advanced network security
  • Configuring advanced security for compute operations
  • Configuring security for storage and databases
  • Configuring and managing Key Vaults
  • Monitoring security by using Azure Security Center , azure monitor and Azure Sentinel
who should attend this training?

This training is a core foundation training. Anyone who has basic Pentesting knowledge can join this training

why should i take this training?

Cloud pentesting foundations training will build a solid base in pentesting azure cloud and on prem-Ad mixed organizations. The Course contains all insights about misconfigured implementations, attacking them and providing a robust security solution to a vendor. Overall this course will give broader exposure to everyone who is interested in attacking and defending the azure cloud infrastructures.

prerequisite of the training ?

The person should familiar with basic Cloud operations 

what is the total duration of the training ?

Active directory pentesting and security is an Instructor-led online training.

The total duration of the training is 20 hours.

Testimonials

A milestone in cyber security training and assessment. The trainer is extremely knowledgeable specially Naresh. You can say that he is an encyclopaedia of cyber security and has excellent customer service from Kirti and Richa.Prompt reply from them in management or other queries.Thank you for sharing such precious and valuable knowledge with us.Grateful and thankful
Anuvind Twari

Security enginer

This is the best place of learning for those seeking TRUE learning in cyber security…..there are many many institutes but amount of practical knowledge matters that one can have here….and also very friendly and professional faculty.

Amit goel

Enterprenuer

We're Here To Help!

head Office

3500 , 1st Floor , Raja Park , New Delhi -110034 , India

WORKING Hours - isT

M-S : 10 AM - 7 PM