Overview
This comprehensive offensive Azure course provides a deep dive into Azure’s infrastructure
and security landscape. Participants will explore various modules covering essential
components such as Azure infrastructure understanding, enumeration techniques, initial
access strategies including phishing methods, abusing reader roles, misconfigurations, and
exploiting Azure services. The course extends into post-exploitation techniques, pivoting
between cloud and on-premises environments, compromising Azure Kubernetes Service
(AKS), devices using Microsoft Intune, Entra Connect features, leveraging Azure services for
persistence, conducting Azure configuration assessments, and utilizing automation tools for
security checks. This hands-on course equips participants with practical insights and skills
crucial for identifying and exploiting Azure components.
Who Should Attend?
This course is for anyone interested in cloud security or wanting to learn the offensive side of
Azure infrastructure. Whether you're into penetration testing, managing Azure Cloud, or just
curious to learn about cloud hacking, this course explains how to find ways to get into a victim's
Azure account. It's good for beginners and experts who want to understand more about how
to do bad things in Azure, so you can learn how to stop them.
Key Learning Objectives
• Enumeration
• Ways of initial access
• Abusing Azure services like Logic Apps, Cosmos DB, Microsoft Defender, etc.
• Lateral movement
• Post-exploitation via different services (K8s, ACR, Managed Identities, etc.)
• Phishing techniques (device code, illicit consent, MITM)
• Pivoting from cloud to on-premises using Azure services
• Entra ID misconfigurations for privilege escalation and user impersonation
• Using Azure services as your C2
• Maintaining persistence using Azure services
• Magic of Azure tokens
• Configuration assessment
Prerequisite Knowledge
Basic understanding of cloud technology and penetration testing, along with familiarity in
using PowerShell and the Azure CLI.
Lab Environment
Students will be given a Windows OVA file to perform all the labs. Along with that, we will also
provide a student Azure account to perform certain labs.
Hardware/Software Requirement
Participants should have a system equipped with a minimum of 8GB RAM and VirtualBox
installed. We’ll provide a Windows OVA file for installation within VirtualBox during the course.
Chirag Savla is a cyber security professional with 9+ years of experience. His areas of
interest include penetration testing, red teaming, Azure, Active Directory security, and
post-exploitation research. He prefers to create open-source tools and explore new attack
methodologies at his leisure. He has worked extensively on Azure, Active Directory attacks,
defense, and bypassing detection mechanisms. He is the author of multiple open-source
tools such as various process injection tools, Callidus, etc. He has presented at multiple
conferences and local meetups and has trained people at international conferences like
Black Hat and BSides Milano.