{"id":2725,"date":"2021-06-14T13:50:50","date_gmt":"2021-06-14T11:50:50","guid":{"rendered":"https:\/\/archive.brucon.org\/2022\/?page_id=2725"},"modified":"2021-06-15T16:15:41","modified_gmt":"2021-06-15T14:15:41","slug":"azure-ad-attacks-for-red-and-blue-teams-basic-edition","status":"publish","type":"page","link":"https:\/\/archive.brucon.org\/2022\/brucon-2022-training\/azure-ad-attacks-for-red-and-blue-teams-basic-edition\/","title":{"rendered":"Azure AD Attacks for Red and Blue Teams &#8211; Basic Edition"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column][vc_column_text]<\/p>\n<h2>Course Description<\/h2>\n<p><span style=\"font-weight: 400\">More than 95 percent of Fortune 500 use Azure today! A huge number of organizations now\u00a0 use Azure AD as an Identity and Access Management platform using the hybrid cloud model.\u00a0 This makes it imperative to understand the risks associated with Azure AD as not only the\u00a0 Windows infrastructure and apps use it but also identities of users across an enterprise are\u00a0 authenticated using it.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications\u00a0 and infrastructure to Azure AD brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security\u00a0 challenge. <\/span><span style=\"font-weight: 400\">This hands-on training aims towards abusing Azure AD and a number of services offered by it.\u00a0 We will cover multiple complex attack lifecycles against a lab containing <\/span><b>multiple live Azure\u00a0 tenants<\/b><span style=\"font-weight: 400\">.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">All the phases of Azure red teaming and pentesting \u2013 Recon, Initial access, Enumeration,\u00a0 Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also\u00a0 discuss detecting and monitoring for the techniques we use.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses\u00a0 more on methodology and techniques than tools.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">If you are a security professional trying to improve your skills in Azure AD cloud security, Azure\u00a0 Pentesting or Red teaming the Azure cloud this is the right class for you!<\/span><\/p>\n<p><span style=\"font-weight: 400\">Attendees will get free one month access to a lab configured like an Enterprise azure,\u00a0 during and after the training. <\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2>Course contents<\/h2>\n<h4><span style=\"font-weight: 400\">Module 1\u00a0<\/span><\/h4>\n<ul>\n<li><span style=\"font-weight: 400\">Introduction to Azure AD\u00a0<\/span><\/li>\n<li><span style=\"font-weight: 400\">Discovery and Recon of services and applications\u00a0\u00a0<\/span><\/li>\n<li><span style=\"font-weight: 400\">Enumeration\u00a0<\/span><\/li>\n<li><span style=\"font-weight: 400\">Initial Access Attacks (Enterprise Apps, App Services, Logical Apps, Function Apps,\u00a0 Unsecured Storage, Phishing, Consent Grant Attacks)\u00a0<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Module 2\u00a0<\/span><\/h4>\n<ul>\n<li><span style=\"font-weight: 400\">Authenticated Enumeration (Storage Accounts, Key vaults, Blobs, Automation Accounts,\u00a0 Deployment Templates etc.)\u00a0<\/span><\/li>\n<li><span style=\"font-weight: 400\">Privilege Escalation (RBAC roles, Azure AD Roles, Across subscriptions)\u00a0<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Module 3\u00a0<\/span><\/h4>\n<ul>\n<li><span style=\"font-weight: 400\">Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem,\u00a0 on-prem to cloud)\u00a0<\/span><\/li>\n<li><span style=\"font-weight: 400\">Persistence techniques\u00a0<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Module 4\u00a0<\/span><\/h4>\n<ul>\n<li><span style=\"font-weight: 400\">Data Mining\u00a0<\/span><\/li>\n<li><span style=\"font-weight: 400\">Defenses, Monitoring and Auditing (CAP, PIM, Security Center, JIT, Risk policies, Azure\u00a0 Defender, Azure Sentinel)\u00a0<\/span><\/li>\n<li><span style=\"font-weight: 400\">Bypassing Defenses\u00a0<\/span><\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2>Target audience<\/h2>\n<p><span style=\"font-weight: 400\">Red teamers and penetration testers who want to improve on their Azure AD attack skills\u00a0 should take this class. Blue teamers, Azure AD administrators and security professionals who\u00a0 want to understand the approach and techniques of adversaries should take this class. <\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2>Requirements<\/h2>\n<ul>\n<li><span style=\"font-weight: 400\">Basic understanding of Azure AD is desired but not mandatory. <\/span><\/li>\n<\/ul>\n<h3>System Requirements<\/h3>\n<ul>\n<li><span style=\"font-weight: 400\">System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes. <\/span><\/li>\n<li><span style=\"font-weight: 400\">Privileges to disable\/change any antivirus or firewall.<\/span><\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;5\/6&#8243;][vc_column_text]<\/p>\n<h2>Trainer Biography<\/h2>\n<p><strong>Nikhil Mittal\u00a0<\/strong><span style=\"font-weight: 400\">s a hacker, infosec researcher, speaker and enthusiast. His area of interest\u00a0 includes red teaming, active directory security, attack research, defense strategies and post exploitation research. He has 12+ years of experience in red teaming.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">He specializes in assessing security risks at secure environments that require novel attack\u00a0 vectors and &#8220;out of the box&#8221; approach. He has worked extensively on Active Directory, Azure\u00a0 AD attacks, defense and bypassing detection mechanisms and Offensive PowerShell for red\u00a0 teaming. He is creator of multiple tools like Nishang, a post exploitation framework in\u00a0 PowerShell, Deploy-Deception a framework for deploying Active Directory deception and RACE\u00a0 toolkit for attacking Windows ACLs. In his spare time, Nikhil researches on new attack\u00a0 methodologies and updates his tools and frameworks.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE\u00a0 Asia), and at the world\u2019s top information security conferences.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">He has spoken\/trained at conferences like DEF CON, BlackHat, BruCON and more.\u00a0 <\/span>[\/vc_column_text][\/vc_column][vc_column width=&#8221;1\/6&#8243;][vc_single_image image=&#8221;503&#8243; style=&#8221;vc_box_circle&#8221;][\/vc_column][vc_column][vc_column_text]<\/p>\n<h2>Social Media<\/h2>\n<p>Twitter: <a href=\"https:\/\/twitter.com\/nikhil_mitt\">@nikhil_mitt<\/a><\/p>\n<p>Blog: <a href=\"https:\/\/www.labofapenetrationtester.com\/\">https:\/\/www.labofapenetrationtester.com\/<\/a>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<style type=\"text\/css\">.thegem-button-69db67e4bbed39311 .gem-button svg {fill: #ffffff;}.thegem-button-69db67e4bbed39311 .gem-button:hover svg {fill: #ffffff;}<\/style><div class=\"gem-button-container gem-button-position-fullwidth thegem-button-69db67e4bbed39311    \"  ><a class=\"gem-button gem-button-size-giant gem-button-style-flat gem-button-text-weight-normal\" data-ll-effect=\"drop-right-without-wrap\" style=\"border-radius: 3px;background-color: #b43836;color: #ffffff;\" onmouseleave=\"this.style.backgroundColor='#b43836';this.style.color='#ffffff';\" onmouseenter=\"this.style.backgroundColor='#ef5047';this.style.color='#ffffff';\" href=\"https:\/\/brucon0x0d-training.eventbrite.co.uk\" target=\"_self\">Buy Training Ticket<\/a><\/div> [\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_empty_space][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row][vc_column][vc_column_text] Course Description More than 95 percent of Fortune 500 use Azure today! A huge number of organizations now\u00a0 use Azure AD as an Identity and Access Management platform using the hybrid cloud model.\u00a0 This makes it imperative to understand the risks associated with Azure AD as not only the\u00a0 Windows infrastructure and apps use it but also identities of users across an enterprise are\u00a0 authenticated using it.\u00a0 In addition to cloud-only identity, the ability&#8230;<\/p>\n","protected":false},"author":8,"featured_media":0,"parent":75,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2725","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/archive.brucon.org\/2022\/wp-json\/wp\/v2\/pages\/2725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.brucon.org\/2022\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/archive.brucon.org\/2022\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2022\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2022\/wp-json\/wp\/v2\/comments?post=2725"}],"version-history":[{"count":4,"href":"https:\/\/archive.brucon.org\/2022\/wp-json\/wp\/v2\/pages\/2725\/revisions"}],"predecessor-version":[{"id":2788,"href":"https:\/\/archive.brucon.org\/2022\/wp-json\/wp\/v2\/pages\/2725\/revisions\/2788"}],"up":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2022\/wp-json\/wp\/v2\/pages\/75"}],"wp:attachment":[{"href":"https:\/\/archive.brucon.org\/2022\/wp-json\/wp\/v2\/media?parent=2725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}