Pentest Azure Advanced - 5 days
Description
Azure is currently an undisputed leader in cloud computing, ubiquitous in enterprise infrastructures due to its close integration with on-premises environments, particularly through Active Directory. This massive adoption makes it a prime target for attackers, who must understand its security specifics in order to conduct effective penetration tests.
During this five-day training, participants will deepen their offensive skills on Azure. After an introduction to fundamental security principles, the focus will shift to key services such as Entra ID, the Microsoft 365 suite, Azure resources, CI/CD with Azure DevOps, Intune management, and hybrid environments. Realistic and subtle exploitation scenarios will enable participants to acquire the necessary techniques to compromise these infrastructures, while adopting a stealthy and targeted approach.
- 5 days (35 hours)
- 6 course modules covering a complete intrusion of Azure services
- 1 realistic, comprehensive, and individualized environment
Audience and prerequisites
This training is suitable for people with a basic grounding in offensive security but no prior experience in Azure environments. It is aimed primarily at pentesters, system administrators, security architects and developers, but also at any technical profile wishing to enrich their professional career with a security component.
- Pentesters / red teamers
- System administrators
- Security architects
- Developers
Good networking and Unix knowledge and a basic understanding of web intrusion are recommended.
Content
Day 1
Fundamentals: tenant architecture, portals, tooling. Entra ID: identities and roles, OAuth 2.0 framework and Microsoft implementation, access tokens, application concepts, Microsoft Graph API, security (conditional access policies, PIM, detections), authentication methods, MFA and bypass opportunities, event logging, initial access and discovery (AzureHound, ROADTools, Microsoft Graph CLI).
Day 2
Microsoft 365: analysis of the main services of the productivity suite (Teams, Outlook / Exchange, SharePoint / OneDrive, OneNote / Word / Excel), specific APIs and their offensive usage, access management through Microsoft Graph vs. dedicated APIs, event logging.
Day 3
Azure resources: architecture, reconnaissance and discovery (AzureHound / BloodHound), ARM API, az CLI and portals, virtual machines / VDIs, containers and registries, key vaults, app services, network (firewalling and interconnections) and storage, lateral movement and post-exploitation, study of event logging. Azure DevOps: architecture, CI/CD concepts, access control.
Day 4
Azure DevOps: agent implementation, pipeline injections, privilege escalation and post-exploitation (persistence and secret extraction). Intune: relations with Entra ID, enrollment process, access management through Intune vs. Entra ID, service implementation on managed devices, post-exploitation (script and application deployment), stealth tooling.
Day 5
Hybrid environments: synchronization methods (PHS, PTA, federation), lateral movement in both directions between Active Directory and Azure, AZURESSO, ADFS, implementation of Entra Connect/Cloud Sync agents, cookie theft.