{"id":3120,"date":"2022-06-22T20:24:09","date_gmt":"2022-06-22T18:24:09","guid":{"rendered":"https:\/\/archive.brucon.org\/2024\/?page_id=3120"},"modified":"2024-06-04T21:43:48","modified_gmt":"2024-06-04T19:43:48","slug":"azure-cloud-attacks-for-red-and-blue-teams","status":"publish","type":"page","link":"https:\/\/archive.brucon.org\/2024\/brucon-2024-training\/azure-cloud-attacks-for-red-and-blue-teams\/","title":{"rendered":"Azure Cloud Attacks for Red and Blue Teams"},"content":{"rendered":"<div class=\"wpb-content-wrapper\">\n<h2>Course Description<\/h2>\n<p><span style=\"font-weight: 400\">More than 95 percent of Fortune 500 use Azure today! A huge number of organizations now use Azure AD as an Identity and Access Management platform using the hybrid cloud model. This makes it imperative to understand the risks associated with Azure as not only the Windows infrastructure and apps use it but also identities of users across an enterprise are authenticated using it.<\/span><\/p>\n<p><span style=\"font-weight: 400\">In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications and infrastructure to Azure brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security challenge. <\/span><span style=\"font-weight: 400\">This hands-on training is aimed at abusing Azure and a number of the services it offers. We will cover multiple complex attack lifecycles against a lab containing <\/span><b>multiple live Azure tenants<\/b><span style=\"font-weight: 400\">.<\/span><\/p>\n<p><span style=\"font-weight: 400\">All the phases of Azure red teaming and pentesting \u2013 Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. 
We will also discuss detecting and monitoring for the techniques we use. <\/span><span style=\"font-weight: 400\">The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more on methodology and techniques than tools.<\/span><\/p>\n<p><span style=\"font-weight: 400\">If you are a security professional trying to improve your skills in Azure cloud security, Azure Pentesting or Red teaming the Azure cloud, this is the right class for you!<\/span><\/p>\n<h3>Top 3 takeaways<\/h3>\n<ul>\n<li>Understand and practice attacks on Azure in a live lab environment that has multiple Azure tenants and a large number of different resources including hybrid identity and on-prem infrastructure.<\/li>\n<li>Practice attacks on Azure in a live lab environment that has multiple Azure tenants and a large number of different resources including hybrid identity and on-prem infrastructure.<\/li>\n<li>Understand the defenses available to counter the discussed attacks and analyze the footprints of the attackers!<\/li>\n<\/ul>\n<h3>Course Content<\/h3>\n<p><span style=\"font-weight: 400\">The following topics are covered:<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400\">Introduction to Azure<\/span><\/li>\n<li><span style=\"font-weight: 400\">Discovery and Recon of services and applications<\/span><\/li>\n<li><span style=\"font-weight: 400\">Enumeration<\/span><\/li>\n<li><span style=\"font-weight: 400\">Initial Access Attacks (Enterprise Apps, App Services, Function Apps, Insecure Storage, Phishing, Consent Grant Attacks)<\/span><\/li>\n<li><span style=\"font-weight: 400\">Enumeration post authentication (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates etc.)<\/span><\/li>\n<li><span style=\"font-weight: 400\">Privilege Escalation (RBAC roles, Azure AD Roles, Across subscriptions)<\/span><\/li>\n<li><span 
style=\"font-weight: 400\">Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud)<\/span><\/li>\n<li><span style=\"font-weight: 400\">Lateral Movement (Across Tenant, cloud to on-prem, on-prem to cloud)<\/span><\/li>\n<li><span style=\"font-weight: 400\">Persistence techniques<\/span><\/li>\n<li><span style=\"font-weight: 400\">Data Mining<\/span><\/li>\n<li><span style=\"font-weight: 400\">Defenses, Monitoring and Auditing (CAP, PIM, Microsoft Defender for Cloud, JIT, Risk policies, MFA, MTPs, Azure Sentinel)<\/span><\/li>\n<li><span style=\"font-weight: 400\">Bypassing Defenses<\/span><\/li>\n<li><span style=\"font-weight: 400\">Defenses, Monitoring and Auditing<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400\">Day 1<\/span><\/h3>\n<ul>\n<li><span style=\"font-weight: 400\">Introduction to Azure<\/span><\/li>\n<li><span style=\"font-weight: 400\">Discovery and Recon of services and applications<\/span><\/li>\n<li><span style=\"font-weight: 400\">Enumeration<\/span><\/li>\n<li><span style=\"font-weight: 400\">Initial Access Attacks (Enterprise Apps, App Services, Function Apps, Insecure Storage, Phishing, Consent Grant Attacks)<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400\">Day 2<\/span><\/h3>\n<ul>\n<li><span style=\"font-weight: 400\">Enumeration post authentication (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates etc.)<\/span><\/li>\n<li><span style=\"font-weight: 400\">Privilege Escalation (RBAC roles, Azure AD Roles, Across subscriptions)<\/span><\/li>\n<li><span style=\"font-weight: 400\">Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud)<\/span><\/li>\n<\/ul>\n<h3><span 
style=\"font-weight: 400\">Day 3<\/span><\/h3>\n<ul>\n<li><span style=\"font-weight: 400\">Lateral Movement (Across Tenant, cloud to on-prem, on-prem to cloud)<\/span><\/li>\n<li><span style=\"font-weight: 400\">Persistence techniques <\/span><span style=\"font-weight: 400\">(Hybrid Identity, Golden SAML, Service Principals, Dynamic Groups)<\/span><\/li>\n<li><span style=\"font-weight: 400\">Data Mining<\/span><\/li>\n<li><span style=\"font-weight: 400\">Defenses, Monitoring and Auditing (CAP, PIM, Microsoft Defender for Cloud, JIT, Risk policies, CAE, MFA, MTPs, Azure Sentinel)<\/span><\/li>\n<li><span style=\"font-weight: 400\">Bypassing Defenses<\/span><\/li>\n<\/ul>\n<h2>Why should you take this course?<\/h2>\n<p>This course helps you upskill in one of the most coveted skills in information security &#8211; Azure security. Drawing on more than a decade of experience teaching at hacker conferences, this hands-on course helps you improve your Azure security skills. The course lab is designed so that students can solve it in multiple ways! The lab also includes a CTF for students who would like more of a challenge.<\/p>\n<h3>Who should take this course<\/h3>\n<p>Red teamers and penetration testers who want to improve on their Azure attack skills should take this class. 
Blue teamers, Azure administrators and security professionals who want to understand the approach and techniques of adversaries should take this class.<\/p>\n<h3>Prerequisite Knowledge<\/h3>\n<p>A basic understanding of Azure is desired but not mandatory.<\/p>\n<h3>Hardware \/ Software Requirements<\/h3>\n<ul>\n<li>System with 4 GB RAM and the ability to install an OpenVPN client and RDP to Windows boxes.<\/li>\n<li>Privileges to disable\/change any antivirus or firewall.<\/li>\n<\/ul>\n<h3>What students will be provided with<\/h3>\n<ul>\n<li><span style=\"font-weight: 400\">Attendees will get one month of free access to a lab configured like an enterprise network, during and after the training.<\/span><\/li>\n<li>An attempt at the completely hands-on Certified Azure Red Team Professional (CARTP) certification<\/li>\n<li>In addition, learning aids such as course slides, a lab manual, walk-through videos, and lab support for as long as the lab access is active<\/li>\n<\/ul>\n<h2>Trainer Biography<\/h2>\n<p><strong>Nikhil Mittal <\/strong><span style=\"font-weight: 400\">is a hacker, infosec researcher, speaker and enthusiast. His areas of interest include red teaming, Azure and Active Directory security, attack research, defense strategies and post-exploitation research. He has 15+ years of experience in red teaming.<\/span><\/p>\n<p><span style=\"font-weight: 400\">He specializes in assessing security risks in secure environments that require novel attack vectors and an &#8220;out of the box&#8221; approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. 
Nikhil has held trainings and boot camps for various corporate clients (in the US, Europe and SE Asia), and at the world&#8217;s top information security conferences.<\/span><\/p>\n<p><span style=\"font-weight: 400\">He has spoken\/trained at conferences like DEF CON, BlackHat, BruCON and more.<\/span><\/p>\n<p><span style=\"font-weight: 400\">He is the founder of Altered Security &#8211; a company focusing on hands-on enterprise security learning <\/span>&#8211; <a href=\"https:\/\/www.alteredsecurity.com\" target=\"_blank\" rel=\"noopener\">https:\/\/www.alteredsecurity.com<\/a><\/p>\n<p>Twitter: <a href=\"https:\/\/twitter.com\/nikhil_mitt\" target=\"_blank\" rel=\"noopener\">@nikhil_mitt<\/a><\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Course Description More than 95 percent of Fortune 500 
use Azure today! A huge number of organizations now use Azure AD as an Identity and Access Management platform using the hybrid cloud model. This makes it imperative to understand the risks associated with Azure as not only the Windows infrastructure and apps use it but also identities of users across an enterprise are authenticated using it. In addition to cloud-only identity, the ability to&#8230;<\/p>\n","protected":false},"author":8,"featured_media":0,"parent":75,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-3120","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/archive.brucon.org\/2024\/wp-json\/wp\/v2\/pages\/3120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.brucon.org\/2024\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/archive.brucon.org\/2024\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2024\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2024\/wp-json\/wp\/v2\/comments?post=3120"}],"version-history":[{"count":7,"href":"https:\/\/archive.brucon.org\/2024\/wp-json\/wp\/v2\/pages\/3120\/revisions"}],"predecessor-version":[{"id":3797,"href":"https:\/\/archive.brucon.org\/2024\/wp-json\/wp\/v2\/pages\/3120\/revisions\/3797"}],"up":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2024\/wp-json\/wp\/v2\/pages\/75"}],"wp:attachment":[{"href":"https:\/\/archive.brucon.org\/2024\/wp-json\/wp\/v2\/media?parent=3120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}