Breaching Azure Lab

Breaching Azure replicates a complex enterprise environment with multiple Azure tenants. “SolarDrops” is a supply-chain vendor with its software deployed in a financial institute “Bogus Bank Corp”.

The labs feature the following:

  • Password Spraying Attack
  • Phishing Techniques (Device Code, illicit Consent)
  • Azure Active Directory Enumeration
  • Pass the Cookie Attack
  • Conditional Access Policy Bypass
  • Identify sensitive data in Terraform
  • Retrive Credentials from various services like keyvaults, Logic Apps, etc…
  • Compromise internal AD Connect server and on Cloud Terminal Server
  • Use SonarQube to identify vulnerabilities
  • Identify Kubernetes misconfiguration
  • Commit code on DevOps project
  • Use Microsoft APIs to read sensitive information from SharePoint and Outlook
  • Laterally Move to a new tenant