Breaching Azure Lab replicates a complex enterprise environment with multiple Azure tenants. “SolarDrops” is a supply-chain vendor with its software deployed in a financial institute “Bogus Bank Corp”.

The labs feature the following:

  • Azure Reconnaissance

  • Multiple Cloud Phishing Techniques (Device Code, Illicit Consent)

  • Azure Active Directory Enumeration
  • Password Spraying
  • Pass the Cookie Attack
  • Conditional Access Policy Bypass
  • Identify sensitive data in Terraform
  • Extract Secrets from Key Vaults, LogicApps, Storages, etc
  • Compromise internal AD Connect Server
  • Deploy SonarQube to Identify and Exploit Vulnerabilities
  • Abuse Kubernetes Misconfiguration
  • Commit Code on DevOps project
  • Leverage Microsoft APIs to Read Sensitive Information from Microsoft365 Services
  • Laterally Movement Across Azure Tenants

Offensive Azure Security Professional (OASP)

Earn the OASP badge by enrolling to Breaching Azure course and passing the practical exam. Every student has one attempt to complete the exam.

By displaying this badge it shows that holder has:

  • Knowledge of Azure Security Fundamental Concepts.
  • Strong understanding of Azure Security misconfigurations and how to exploit them.
  • Knowledge of Azure Cloud Specific Attacks.
  • She/He is able to Perform Azure Security Assessments.

Breaching Azure

$499

30 Days Access + 1x Exam Attempt

Dedicated Azure VM
Step by Step Training Guide
Certificate of Completion

Lab Extension

Based On Days

Select Number of Days

Extend BA Labs Subscription

Breaching Azure+ 

Price upon Request

Breaching+ contains the core BA material plus extra Features, Lab time, Challenges and content.

Ideal for corporations and large student groups.

Who is it for?

Anyone keen in learning about Azure Security concepts. Our students usually include:

  • Cloud Architects
  • Dev Ops
  • Security Practitioners
  • Security Enthusiasts

Requirements

Only access to the internet and a web browser is required. You will be able to access and use a dedicated Azure Virtual Machine from anywhere.

What will I gain?

By the end of this course you will be able to perform:

  • Azure Enumeration
  • Identify Cloud Misconfigurations
  • Exploit Access Control Gaps
  • Lateral Movement
  • Phishing Attacks
  • Conduct Cloud Security Audits

Who can do the labs?

Participants are expected to have:

  • Experience with Windows Powershell
  • Basic Knowledge of Microsoft Azure

What students are Saying About Breaching Azure

 I work in Azure every day and going through this course has not only increased my knowledge on Azure security hardening but I also got to experience what it was like to be part of a Red Team. I defiantly recommend anyone working in Azure Security should check out CloudBreach you won’t be disappointed.

Matt Dibiaso, Cloud Security Engineer @ 2nd Watch

The course was fully practical and lab-based covering various things from Azure Resource Enumeration, Conditional Access Bypass, Illicit Consent Grant Attacks, Abusing misconfigs in Key Vaults, LogicApps, Storages, AKS misconfigs, JWT manipulation and so much more!

Abisola Dayspring Johnson, @Daycyberwox, Cloud Detection Engineering @ Datadog

The course was fully practical and lab-based covering various things from Azure Resource Enumeration, Conditional Access Bypass, Illicit Consent Grant Attacks, Abusing misconfigs in Key Vaults, LogicApps, Storages, AKS misconfigs, JWT manipulation and so much more!

Abisola Dayspring Johnson, @Daycyberwox, Cloud Detection Engineering @ Datadog

The course was fully practical and lab-based covering various things from Azure Resource Enumeration, Conditional Access Bypass, Illicit Consent Grant Attacks, Abusing misconfigs in Key Vaults, LogicApps, Storages, AKS misconfigs, JWT manipulation and so much more!

Abisola Dayspring Johnson, @Daycyberwox, Cloud Detection Engineering @ Datadog

The course was fully practical and lab-based covering various things from Azure Resource Enumeration, Conditional Access Bypass, Illicit Consent Grant Attacks, Abusing misconfigs in Key Vaults, LogicApps, Storages, AKS misconfigs, JWT manipulation and so much more!

Abisola Dayspring Johnson, @Daycyberwox, Cloud Detection Engineering @ Datadog

I had a great experience from the labs and materials provided for learning Azure Security Attacks by @Cloud_Breach, just went through my exam and I would recommend this to anyone willing to learn about Azure and AAD Attacks.

Nikhil, @0xw0lf, Security Analyst

For anyone starting out in Cloud Security or even those experienced in it; this course has something for everyone. I was very impressed with the overall structure of the course and vast areas of domain topics. For the price, having 30 days of access to multiple Azure environments is something that everyone should explore, as it’s a great training ground!!

Eric Tomasello, VP of Solution Architecture & Cyber Security

Excited to have passed the Offensive Azure Security Professional (OASP) Exam. The lab and the exam have to offer and CloudBreach Team is amazing.
Vasilis Tasiopoulos, Red Team Leader @ Neurosoft

Excited to have passed the Offensive Azure Security Professional (OASP) Exam. The lab and the exam have to offer and CloudBreach Team is amazing.
Vasilis Tasiopoulos, Red Team Leader @ Neurosoft

Excited to have passed the Offensive Azure Security Professional (OASP) Exam. The lab and the exam have to offer and CloudBreach Team is amazing.
Vasilis Tasiopoulos, Red Team Leader @ Neurosoft

Over The last month I had the opportunity and pleasure to go through and complete the “Breaching Azure Lab” which replicates a complex enterprise environment with multiple Azure tenants. The exam is a fun and tricky 24 hours exam that replicates issues found in real Azure environments.The lab & exam rely on your ability to research and find the answers for your self.

Khalid Elkawlak, Security & Privacy Consultant, Protiviti