Azure Pentesting Foundations
Azure Pentesting Foundations training includes identifying potential vulnerabilities in Azure cloud infrastructure, assessing them to determine the overall impact they can have on an organization and recommending appropriate mitigation strategies.
Learn Azure pentesting foundations training on the Microsoft Azure platform and understand how hackers can attack resources hosted in the Azure cloud; you’ll find out how to protect the Corporate environment by identifying vulnerabilities, along with extending pentesting tools and capabilities. Azure Pentesting foundations training starts by building the prerequisites for attacking the Azure cloud and we will explore how to build an organization for understanding the operations. You’ll then simulate attacks on Azure assets such as web applications and virtual machines from anonymous and authenticated perspectives. Further, you’ll learn about the testing for privilege escalation in Azure tenants and paths in which an attacker can create persistence in a cloud centric environment.
Azure pentesting foundations training follows a holistic approach to identify exposed credentials, extra privileges, and cloud misconfigurations in your Azure AD integration. These vulnerabilities can lead to the compromise of your Azure infrastructure and enable an attacker to expose sensitive data, take over Azure resources, or pivot to attack your internal network.
By the end of Azure pentesting foundations training, you’ll be able to leverage your pentesting skills to detect and implement different tools and techniques to perform successful penetration tests on Azure cloud infrastructure.
REAL LIFE CASE STUDIES
INDUSTRY DRIVEN CERTIFICATION
STUDENT LEARNING KIT
- Azure vs On-prem environment
- Azure common access regions
- Azure Organization structure
- Azure Tenant and Azure AD
- Root Management Group
- Resource Groups
- Azure cloud services overview
- Azure Resource Manager and Managed Identity
- Azure RBAC, Azure AD and ABAC roles
- Azure Pentesting tools and techniques
- Implementing an organization in Azure for pentesting
- Enumerating the organization for initial access overview
- Common public-facing services insecurities
- OSINT Primer for azure pentesting
- Configuring Evilgnixv2 server
- Bypass MFA with Evilgnizv2 server
- Office 365 stealer
- Phishing with Macros and offensive VBA
- Azure tenant identification and mapping
- Recon Emails
- Recon Common azure service in use
- Enumerating users, groups, VMs, vaults, applications and devices
- Enumerating user role and permissions mappings
- Automating the Azure enumeration
- Azure authentication and API tokens primer
- Identifying configurational vulnerabilities
- Identifying web vulnerabilities on Azure cloud
- Azure App services and functional apps insights
- Exploiting the public facing web resources
- Azure Storage issues and exploitation
- Attacking dynamic groups and different contributor roles
- Attacking azure DevOps infrastructure
- Attacking key vaults and ARM templets
- Exploiting tokens and Pass the PRT attack
- Attacking on Hybrid environments
- Lateral movement with azure cloud
- Peristance and backdooring the Azure AD tenant
- Managing Azure Active Directory identities
- Configuring secure access by using Azure AD
- Managing azure identity and access control policies
- Microsoft Defender for cloud operations
- Implementing advanced network security
- Configuring advanced security for compute operations
- Configuring security for storage
- Configuring security for databases
- Configuring and managing Key Vaults
- Monitoring security by using Azure Monitor
- Monitoring security by using Azure Security Center
- Monitoring security by using Azure Sentinel
who should attend this training?
This training is a core foundation training. Anyone who has basic Pentesting knowledge can join this training
why should i take this training?
Cloud pentesting foundations training will build a solid base in pentesting azure cloud and on prem-Ad mixed organizations. The Course contains all insights about misconfigured implementations, attacking them and providing a robust security solution to a vendor. Overall this course will give broader exposure to everyone who is interesting in attacking and defending the azure cloud infrastructures.
prerequisite of the training ?
The person should familiar with basic IT operations
what is the total duration of the training ?
Active directory pentesting and security is an Instructor-led online training.
The total duration of the training is 20 hours.