BREACHING AZURE

Breaching Azure replicates a complex enterprise environment with multiple Azure tenants. “SolarDrops” is a supply-chain vendor with its software deployed in a financial institute “Bogus Bank Corp”.

Students will be able to learn and replicate cloud specific attacks against Microsoft Azure environments.

0
Attack Paths
0
Azure Services
0
Enrolled Students

Course Contents:

  • Azure Reconnaissance

  • Multiple Cloud Phishing Techniques (Device Code, Illicit Consent)

  • Azure Active Directory Enumeration
  • Password Spraying
  • Pass the Cookie Attack
  • Conditional Access Policy Bypass
  • Identify sensitive data in Terraform
  • Extract Secrets from Key Vaults, LogicApps, Storages, etc
  • Compromise internal AD Connect Server
  • Deploy SonarQube to Identify and Exploit Vulnerabilities
  • Abuse Kubernetes Misconfiguration
  • Commit Code on DevOps project
  • Leverage Microsoft APIs to Read Sensitive Information from Microsoft365 Services

  • Laterally Movement Across Azure Tenants

  • Threat Hunting Utilizing Microsoft Sentinel

Who is it for?

Anyone keen in learning about Azure Security concepts. Our students usually include:

  • Penetration Testers
  • Cloud Architects
  • Cloud Security Engineers
  • DevOp Teams
  • Security Enthusiasts

What you will gain?

By the end of this course you will be able to perform:

  • Azure Enumeration
  • Identify Cloud Misconfigurations
  • Exploit Access Control Gaps
  • Lateral Movement
  • Phishing Attacks
  • Conduct Cloud Security Audits

Who can do the course?

Participants are expected to have:

  • Basic knowledge of Powershell.
  • Basic knowledge of Microsoft Azure.

Requirements

No additional hardware or software is required apart from a stable internet connection. You will be able to access and use a dedicated Azure Virtual Machine from anywhere via a web browser.

Offensive Azure Security Professional (OASP)

Earn the OASP badge by enrolling to Breaching Azure course and passing the practical exam. Every student has one attempt to complete the exam.

By displaying this badge it shows that holder has:

  • Knowledge of Azure Security Fundamental Concepts.
  • Strong understanding of Azure Security misconfigurations and how to exploit them.
  • Knowledge of Azure Cloud Specific Attacks.
  • She/He is able to Perform Azure Security Assessments.

Breaching Azure

$499
  • 30 Days BA Lab Access
  • PDF Training Guide
  • 1x OASP Exam Attempt
Enroll

Breaching Azure

$699
  • 60 Days BA Lab Access
  • PDF Training Guide
  • 1x OASP Exam Attempt
Enroll

Breaching Azure+

$1000
  • 60 Days BA Lab Access
  • Breaching Azure+ Training Guide
  • 2x OASP Exam Attempts
  • BA+ Standalone Challenges
  • Priority Support
Enroll

What students are Saying About Breaching Azure

I work in Azure every day and going through this course has not only increased my knowledge on Azure security hardening but I also got to experience what it was like to be part of a Red Team. I defiantly recommend anyone working in Azure Security should check out CloudBreach you won’t be disappointed.

Matt Dibiaso, Cloud Security Engineer @ 2nd Watch

The CloudBreach Breaching Azure course is a good introduction to common Azure and related cloud misconfigurations. CloudBreach also provide reliable support for any issues (which is a major factor in having a positive experience).

Michael Smirnoff, Cloud Incident Response Manager @ Commonwealth Bank

The course was fully practical and lab-based covering various things from Azure Resource Enumeration, Conditional Access Bypass, Illicit Consent Grant Attacks, Abusing misconfigs in Key Vaults, LogicApps, Storages, AKS misconfigs, JWT manipulation and so much more!

Abisola Dayspring Johnson, @Daycyberwox, Cloud Detection Engineering @ Datadog

I’ve done quite a few config reviews for Azure environments, but this course absolutely blew my mind, in particular how far certain misconfigurations can be pushed.

I highly recommend this hands-on course and exam to anyone looking to improve their cloud testing knowledge. CloudBreach OASP 2 when???

Ugnius G., Penetration Tester @ Bulletproof

I had a great experience from the labs and materials provided for learning Azure Security Attacks by @Cloud_Breach, just went through my exam and I would recommend this to anyone willing to learn about Azure and AAD Attacks.

Nikhil, @0xw0lf, Security Analyst

Successfully passed the Offensive Azure Security Professional (OASP) exam from CloudBreach. The exam was pretty tough compared to the labs and required some out of the box thinking. If anyone is interested in Azure abuses take the course! Thanks CloudBreach for the experience.

Jony Schats, Senior Ethical Hacker and Security Officer @ HackDefense

For anyone starting out in Cloud Security or even those experienced in it; this course has something for everyone. I was very impressed with the overall structure of the course and vast areas of domain topics. For the price, having 30 days of access to multiple Azure environments is something that everyone should explore, as it’s a great training ground!!

Eric Tomasello, VP of Solution Architecture & Cyber Security
Excited to have passed the Offensive Azure Security Professional (OASP) Exam. The lab and the exam have to offer and CloudBreach Team is amazing.
Vasilis Tasiopoulos, Red Team Leader @ Neurosoft
Excited to have passed the Offensive Azure Security Professional (OASP) Exam. The lab and the exam have to offer and CloudBreach Team is amazing.
Vasilis Tasiopoulos, Red Team Leader @ Neurosoft
Excited to have passed the Offensive Azure Security Professional (OASP) Exam. The lab and the exam have to offer and CloudBreach Team is amazing.
Vasilis Tasiopoulos, Red Team Leader @ Neurosoft

Over The last month I had the opportunity and pleasure to go through and complete the “Breaching Azure Lab” which replicates a complex enterprise environment with multiple Azure tenants. The exam is a fun and tricky 24 hours exam that replicates issues found in real Azure environments.The lab & exam rely on your ability to research and find the answers for your self.

Khalid Elkawlak, Security & Privacy Consultant, Protiviti