Back

Azure Penetration Testing Specialist
In-person

This course is designed to introduce beginners to the fundamentals of Azure penetration testing, equipping them with essential knowledge and skills to assess and secure Azure cloud environments.

Tarek

Lead Trainer

48 hr

Description

Course Curriculum

Introduction to Azure

3 lessons

1. Intro to Azure

2. Intro to Azure services

3. Different ways to interact with Azure

Reconnaissance and Enumeration

4 lessons

4. Tenant availability and gathering tenant information

5. Azure subdomains recon

6. Enumerating services

7. User enumeration

Initial Access

4 lessons

8. Password spraying

9. Consent phishing

10. Device Code Phishing

11. Adversary in the Middle

Bypassing Defenses

3 lessons

12. Bypassing MFA

13. Understanding conditional access

14. Bypassing conditional access

Tokens

3 lessons

15. Understanding different token types

16. Where to look for tokens

17. How can different tokens be used and abused

Entra ID Persistence

4 lessons

18. Understanding Entra ID roles and permissions

19. Understanding users, groups and service principles

20. Abusing external collaboration for persistence

21. Abusing service principles for persistence

Attacking Storage

4 lessons

22. Understanding storage types

23. Storage enumeration

24. Connecting to containers and blobs

25. Connecting to storage accounts

Attacking Automation Accounts

4 lessons

26. Understanding automation accounts

27. Understanding runbooks

28. Finding and decoding secrets

29. Persistence with automation accounts

Attacking VMs

3 lessons

30. Abusing disk snapshots

31. Abusing run commands

32. Abusing IMDS

Attacking Key Vaults

3 lessons

33. Abusing key vault policies

34. Abusing key vault RBAC

35. Retrieving secrets from key vaults

Abusing Container Registries

4 lessons

36. Container lifecycle

37. Registry anonymous access

38. Registry admin access

39. Inspecting images