Cloud Red Team: Attacking and Defending Azure is designed to help security professionals understand, analyze and practice attacks in an enterprise-like live Azure environment that has effective security controls in place. You will be able to practice and sharpen popular tactics, techniques and procedures (TTPs) for Azure environments. In addition, you will learn how to bypass security controls such as Advanced Conditional Access Policies, MFA enforced using different methods (with multiple bypass approaches), Privileged Identity Management (PIM) and Microsoft Defender for Cloud. CARTE also focuses on abuse of JWT signing, Family of Client IDs (FOCI), Attribute Based Access Control (ABAC), Temporary Access Password (TAP), Custom Claims, Cross Tenant Access, Azure Lighthouse, Azure ARC, Multi-Cloud Access, tokens from Office applications and traffic, and abuse of Kerberos in Entra ID.
Syllabus
- Introduction to the Attack Methodology
- Understanding APIs, Endpoints and Versions
- Understanding OAuth, Microsoft Identity Platform and Authorization Flows
- Deep dive into Tokens and Claims
- Initial Access Attacks
- Enumeration of Azure AD (Entra ID) and Azure
- Abusing MS Graph API
- Privilege Escalation
- Lateral Movement
- Persistence techniques
- Bypassing Defences
- Detecting and Stopping the attacks