Breaching Azure2024-03-03T19:35:58+02:00

BREACHING AZURE

Breaching Azure replicates a complex enterprise environment with multiple Azure tenants. “SolarDrops” is a supply-chain vendor with its software deployed in a financial institute “Bogus Bank Corp”.

Students will be able to learn and replicate cloud specific attacks against Microsoft Azure environments.

0
Attack Paths
0
Azure Services
0
Enrolled Students

Course Contents:

  • Azure Reconnaissance

  • Multiple Cloud Phishing Techniques (Device Code, Illicit Consent)

  • Azure Active Directory Enumeration
  • Password Spraying
  • Pass the Cookie Attack
  • Conditional Access Policy Bypass
  • Identify sensitive data in Terraform
  • Extract Secrets from Key Vaults, LogicApps, Storages, etc
  • Compromise internal AD Connect Server
  • Deploy SonarQube to Identify and Exploit Vulnerabilities
  • Abuse Kubernetes Misconfiguration
  • Commit Code on DevOps project
  • Leverage Microsoft APIs to Read Sensitive Information from Microsoft365 Services

  • Laterally Movement Across Azure Tenants

  • Threat Hunting Utilizing Microsoft Sentinel

Who is it for?

Anyone keen in learning about Azure Security concepts. Our students usually include:

  • Penetration Testers
  • Cloud Architects
  • Cloud Security Engineers
  • DevOp Teams
  • Security Enthusiasts

What you will gain?

By the end of this course you will be able to perform:

  • Azure Enumeration
  • Identify Cloud Misconfigurations
  • Exploit Access Control Gaps
  • Lateral Movement
  • Phishing Attacks
  • Conduct Cloud Security Audits

Who can do the course?

Participants are expected to have:

  • Basic knowledge of Powershell.
  • Basic knowledge of Microsoft Azure.

Requirements

No additional hardware or software is required apart from a stable internet connection. You will be able to access and use a dedicated Azure Virtual Machine from anywhere via a web browser.

Offensive Azure Security Professional (OASP)

Earn the OASP badge by enrolling to Breaching Azure course and passing the practical exam. Every student has one attempt to complete the exam.

By displaying this badge it shows that holder has:

  • Knowledge of Azure Security Fundamental Concepts.
  • Strong understanding of Azure Security misconfigurations and how to exploit them.
  • Knowledge of Azure Cloud Specific Attacks.
  • She/He is able to Perform Azure Security Assessments.

Pricing

Breaching Azure

$499
  • 30 Days BA Lab Access
  • PDF Training Guide
  • 1x OASP Exam Attempt
Enroll

Breaching Azure

$699
  • 60 Days BA Lab Access
  • PDF Training Guide
  • 1x OASP Exam Attempt
Enroll

Breaching Azure+

$1000
  • 60 Days BA Lab Access
  • Breaching Azure+ Training Guide
  • 2x OASP Exam Attempts
  • BA+ Standalone Challenges
  • Priority Support
Enroll

What students are Saying About Breaching Azure

I work in Azure every day and going through this course has not only increased my knowledge on Azure security hardening but I also got to experience what it was like to be part of a Red Team. I defiantly recommend anyone working in Azure Security should check out CloudBreach you won’t be disappointed.

Matt Dibiaso, Cloud Security Engineer @ 2nd Watch

The CloudBreach Breaching Azure course is a good introduction to common Azure and related cloud misconfigurations. CloudBreach also provide reliable support for any issues (which is a major factor in having a positive experience). Read my review on my blog.

Michael Smirnoff, Cloud Incident Response Manager @ Commonwealth Bank

The course was fully practical and lab-based covering various things from Azure Resource Enumeration, Conditional Access Bypass, Illicit Consent Grant Attacks, Abusing misconfigs in Key Vaults, LogicApps, Storages, AKS misconfigs, JWT manipulation and so much more!

Abisola Dayspring Johnson, @Daycyberwox, Cloud Detection Engineering @ Datadog

I’ve done quite a few config reviews for Azure environments, but this course absolutely blew my mind, in particular how far certain misconfigurations can be pushed.

I highly recommend this hands-on course and exam to anyone looking to improve their cloud testing knowledge. CloudBreach OASP 2 when???

Ugnius G., Penetration Tester @ Bulletproof

I had a great experience from the labs and materials provided for learning Azure Security Attacks by @Cloud_Breach, just went through my exam and I would recommend this to anyone willing to learn about Azure and AAD Attacks.

Nikhil, @0xw0lf, Security Analyst

Successfully passed the Offensive Azure Security Professional (OASP) exam from CloudBreach. The exam was pretty tough compared to the labs and required some out of the box thinking. If anyone is interested in Azure abuses take the course! Thanks CloudBreach for the experience.

Jony Schats, Senior Ethical Hacker and Security Officer @ HackDefense

For anyone starting out in Cloud Security or even those experienced in it; this course has something for everyone. I was very impressed with the overall structure of the course and vast areas of domain topics. For the price, having 30 days of access to multiple Azure environments is something that everyone should explore, as it’s a great training ground!!

Eric Tomasello, VP of Solution Architecture & Cyber Security
Excited to have passed the Offensive Azure Security Professional (OASP) Exam. The lab and the exam have to offer and CloudBreach Team is amazing.
Vasilis Tasiopoulos, Red Team Leader @ Neurosoft
Excited to have passed the Offensive Azure Security Professional (OASP) Exam. The lab and the exam have to offer and CloudBreach Team is amazing.
Vasilis Tasiopoulos, Red Team Leader @ Neurosoft
Excited to have passed the Offensive Azure Security Professional (OASP) Exam. The lab and the exam have to offer and CloudBreach Team is amazing.
Vasilis Tasiopoulos, Red Team Leader @ Neurosoft

Over The last month I had the opportunity and pleasure to go through and complete the “Breaching Azure Lab” which replicates a complex enterprise environment with multiple Azure tenants. The exam is a fun and tricky 24 hours exam that replicates issues found in real Azure environments.The lab & exam rely on your ability to research and find the answers for your self.

Khalid Elkawlak, Security & Privacy Consultant, Protiviti

FAQ

What is the OASP exam format?2023-12-27T10:55:03+02:00

The exam is practical and based on the material taught during the Breaching Azure course. The candidate is given access to a cloud environment for 24 hours. The goal is to compromise the target environment and capture the final exam flag. You will then have another 24 hours to submit a brief report explaining the steps in high level. By passing the exam candidates are awarded the OASP digital badge.

Can I enroll for a course and start later ?2023-12-06T17:19:29+02:00

Yes, you can purchase the course today and schedule the Labs start date whenever works best for you.

I will need to pause the lab for a few days, is that possible?2023-12-06T17:18:31+02:00

At this moment, pausing the lab is not possible. The lab is deployed on the scheduled starting day and elapses after 30 or 60 days depending on the access time purchased.

Can I extend my lab access after purchasing the course?2023-12-06T17:30:54+02:00

Yes, Labs access can be extended at anytime through the CloudBreach portal by navigating to cloudbreach.io/addons. If you have any issues please ask one of the CloudBreach administrators.

Can I refund the remaining lab time?2024-02-12T22:46:45+02:00

Unfortunately not. We do not offer refunds for any digital training courses purchased on our website. Before making a purchase, we encourage you to review the course description, objectives, and any available previews to ensure the course meets your learning needs and expectations. Read the refund policy at cloudbreach.io/refund-policy

I am not sure what level of expertise is required?2023-12-06T17:18:01+02:00

If you have more than 1 year experience on Microsoft Azure infrastructure then you should be able to complete the challenges. The lab questions provide hints to the players for which attack vector to use. Nevertheless, at least one CloudBreach administrator will be available to guide you in case you struggle. The goal of these training course is to provide a realistic cloud environment for students to exploit and learn.

Do I need to install any kind of software?2023-12-06T17:18:44+02:00

To start the CloudBreach labs you do not need to install any kind of software apart from a standard web browser. The training grounds are fully hosted on Microsoft Azure cloud.  Remote access will be given through a browser.

Logo
Go to Top