CYBER SECURITY CERTIFICATION

Offensive Azure
Operations and Tactics
Training Course

Training Course

Registration is open for our next class. 
October 03 – 04, 2024

Course Overview

Includes

30-day access to labs, certificate of participation, and lifetime access to class recordings.

Lab Requirement

Students must have an Azure Tenant with a P2 License and Subscription. All labs will be deployed in the student’s Azure Tenant.

Important Note

Participants are required to bring a laptop equipped with a minimum of 8GB RAM.

What You’ll Receive

Prerequisites

A basic understanding of cloud technology and penetration testing is recommended, along with familiarity with PowerShell, Python, and the Azure CLI.

Course Description:  

The Offensive Azure Operations & Tactics course is an in-depth exploration of Azure’s infrastructure and security challenges. Through hands-on labs, participants will gain practical experience in identifying and exploiting vulnerabilities within Azure environments.

As Azure continues to dominate the enterprise landscape, with a significant majority of Fortune 500 companies relying on it, understanding its security intricacies has never been more vital. The widespread adoption of Azure Active Directory (Azure AD) for identity and access management, especially in hybrid cloud environments, presents unique and complex challenges.

The seamless integration of Azure with on-premises Active Directory and various infrastructure components introduces new vectors for potential threats, making it essential for security professionals to stay ahead of the curve.

This intensive, hands-on training course is designed to equip you with the skills necessary to identify and exploit vulnerabilities within Azure and Azure AD. Through immersive lab environments that replicate real-world Azure setups, you will gain practical experience in navigating and exploiting complex attack paths across multiple Azure tenants.

Our curriculum covers every phase of a comprehensive Azure red teaming operation, from the initial discovery and access techniques to advanced tactics like privilege escalation, lateral movement, persistence, and data exfiltration. The course prioritizes a deep understanding of methodologies and techniques, ensuring that you can apply what you learn across various tools and scenarios.

To provide the most effective learning experience, our students manage their own labs using AWS and Terraform. This approach ensures that each participant has a fully personalized and flexible environment that never expires, allowing you to refine your skills indefinitely. Unlike other programs, we do not rely on shared hosting environments; each student benefits from a dedicated lab setup that guarantees stability and isolation throughout the course.

Our commitment to delivering the most current and relevant content means that our courses are continuously updated to reflect the latest cybersecurity challenges. No two courses are ever the same, as we adapt to the evolving threat landscape to provide you with the most up-to-date training available.

Whether your goal is to sharpen your expertise in Azure security, develop penetration testing skills specifically tailored for cloud environments, or advance your red teaming capabilities, this course provides the actionable insights and hands-on practice you need. With a focus on real-world applicability, the live Azure environments in our labs ensure that the techniques you master can be immediately utilized in professional settings, enhancing your ability to secure and defend complex Azure infrastructures.

Dynamic Attack Paths and Labs

In the constantly evolving world of Azure, staying ahead of the curve requires more than just understanding the basics—it demands an ability to adapt to new challenges as they emerge. Our Offensive Azure Operations & Tactics course is designed with this in mind, offering hyper-current labs and dynamic attack paths that reflect the latest developments in Azure security.
 
The diagram below illustrates the potential attack paths and lab scenarios you’ll encounter in this course. Each path represents a unique set of challenges tailored to mimic real-world Azure environments, allowing you to explore various exploitation techniques and defenses. As Azure services and security measures evolve, so do our labs. This ensures that the skills you acquire remain relevant and cutting-edge.

Our labs are not static; they are continuously updated to incorporate new vulnerabilities, attack vectors, and defense mechanisms. This commitment to providing the most up-to-date training means that every time you revisit the course or labs, you’ll face fresh challenges and opportunities to sharpen your skills.

What You’ll Learn:

Throughout this intensive two-day course, participants will:

1. Understand the core components of Azure and Entra ID:

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

2. Master Azure access controls:

Learn how to navigate and manipulate Role-Based and Attribute-Based Access Controls, as well as how to exploit weaknesses in Key Vault policies through various enumeration techniques.

3. Develop initial access strategies:

Acquire practical skills in executing phishing attacks, identifying and exploiting exposed services like storage accounts and Kubernetes, and leveraging exposed credentials to gain initial foothold in an Azure environment.

4. Execute post-exploitation techniques:

Learn how to move laterally within Azure by abusing services, hijacking cloud resources, and exploiting managed identities and tokens.

5. Identify and exploit Entra ID misconfigurations:

Discover how to identify shadow admins, exploit enterprise app misconfigurations, and bypass conditional access policies, along with other common misconfigurations.

6. Pivot between cloud and on-prem environments:

Master the techniques required to move between cloud and on-premises environments, using tools like ARC, Intune, and Entra ID Connect.

7. Maintain persistent access:

Learn how to establish and maintain persistence in Azure environments by exploiting service principals, automation accounts, and hybrid connections.

8. Conduct thorough configuration assessments:

Understand how to assess Azure configurations against CIS Benchmarks using both open source and commercial tools, ensuring that environments are secure and compliant.

Our labs are not static; they are continuously updated to incorporate new vulnerabilities, attack vectors, and defense mechanisms. This commitment to providing the most up-to-date training means that every time you revisit the course or labs, you’ll face fresh challenges and opportunities to sharpen your skills.

Course Syllabus Outline

Day 1

  • Overview of Entra ID Components
  • Understanding Azure Services
  • Integration with Azure Intune
  • Office/Microsoft 365 Overview
  • Authentication & Authorization Methods
  • Navigating the Maze of Azure Tokens
  • Phishing Techniques for Initial Access
  • Identifying and Exploiting Exposed Services
    • Storage Accounts
    • Function Apps
    • App Services
    • Logic Apps
    • Kubernetes (K8s)
  • Harvesting Exposed Credentials
  • Executing Password Spray Attacks
  • Role-Based Access Control (RBAC)
  • Attribute-Based Access Control (ABAC)
  • Management Plane & Data Plane Controls
  • Key Vault Access Policies
    • Enumeration Approach
    • Unauthenticated & Authenticated Enumeration
    • Automated Enumeration Techniques
    • Manual Enumeration with Custom Scripts
    • Security Controls Overview
  • Abusing Azure Services for Post-Exploitation
  • Hijacking Function Apps and Cloud Shell
  • Hunting for Sensitive Information
  • Exploiting Key Vault, Logic Apps, ACR, and K8s
  • Abusing Managed Identity for Lateral Movement
  • Performing Token Exchange Attacks
  • Exploiting Microsoft Intune

Day 2

  • Identifying and Exploiting Shadow Admin Accounts
  • Misconfigurations in Enterprise Apps/App Registrations
  • Abusing Graph Permissions
  • Exploiting Owner/Members Role Assignments
  • Bypassing Conditional Access Policies
  • Understanding Dynamic Groups and Guest Users
  • Authentication Method Exploitation
  • Establishing Persistent Access via Service Principals
  • Leveraging Automation Accounts for Persistence
  • Utilizing ARC and Hybrid Connections for Long-term Access
  • Utilizing Automation Accounts for Pivoting
  • Exploiting Azure Resource Manager (ARC) and Hybrid Connections
  • Leveraging Intune and Application Proxy for Pivoting
  • Pivoting Techniques from On-prem to Cloud
    • Entra ID Connect
    • Single Sign-On (SSO)
    • Stealing Primary Refresh Tokens (PRT)
  • Performing Configuration Audits Using CIS Benchmarks
  • Implementing Automated Tools for Assessment
    • Open Source Tools
    • Commercial Tools
  • Final Lab Discussion: Recap and Q&A

Certification of Participation

Upon successful completion of the live training class, all students will receive a Certificate of Participation. This certificate serves as a formal recognition of the knowledge and skills you’ve acquired throughout the course.

Your certification will be a testament to your hands-on experience in offensive Azure operations, showcasing your ability to identify and exploit vulnerabilities within Azure environments. Whether you’re enhancing your professional portfolio, seeking to advance in your career, or simply gaining new expertise in cloud security, this certification validates your commitment to mastering the complexities of Azure security.

The certificate is personalized with your name, the course title, and the date of completion, making it a valuable addition to your professional credentials. It demonstrates to employers and peers alike that you have completed a rigorous and comprehensive training program, equipping you with the practical skills necessary to secure and defend Azure infrastructures against advanced threats.

Live training provides students with interactive opportunities to master topics of interest

Additional Benefits

Support for Heroes

We are proud to offer free or discounted testing for military personnel, veterans, students, teachers, and first responders. If you fall into one of these categories, please contact us to learn more about how you can benefit from this support.

Take Your Skills to the Next Level

Challenge Yourself

Discover new heights and overcome personal barriers with WhiteKnightLabs’ groundbreaking training program, created to foster growth and unleash your capabilities.

Learn

Enhance your skillset and deepen your understanding through our expert-developed courses, focused on delivering the most pertinent and up-to-the-minute information in your field.

Achieve

Aim for the stars and experience the thrill of success with WhiteKnightLabs’ extensive training program, enabling you to tackle challenges head-on and excel in your chosen profession.

Register Now
for the Next Session

You will receive additional details by email once you complete the registration

Click the link
to secure your seat right now!

October 3rd and 4th, 2024
Class Times will be
8:30AM EST – 5:00PM EST

Need additional information?

    Cyber Security Training represented by image of female hacker in front of computer screens.

    Contact us with Questions

    If you have questions let us know.  If you’re unable to use the form. please give us a call at 877-864-4204

    White Knight Labs for Exceptional
    Cyber Security Training Courses

    At White Knight Labs, we firmly believe that every individual’s unique strengths and interests in cybersecurity deserve to be nurtured.

    That’s why we offer an exceptional variety of training opportunities, designed to cater to a diverse range of roles and experience levels.

    Whether you’re a seasoned professional looking to sharpen your skills or a determined novice eager to explore and build a solid foundation, our courses are thoughtfully crafted to support and propel you on your journey of discovery and growth in this critical field.

    Copyright © White Knight Labs – All rights reserved