Tuesday, 12 September - Friday, 15 September 2023 (4 days)
20 people maximum
€3,000.00
This training explains how organizations use Azure AD to manage modern cloud-based or hybrid environments and what security challenges this brings. It is the result of many years of research into the protocols and internals of Azure AD. It will give you the knowledge to analyze, attack, and secure Azure AD and hybrid setups from modern attacks. The training is technical and deep-dives into core protocols such as OAuth2 and application concepts. It includes many hands-on exercises and labs, set up as challenges, to gain access to accounts and elevate privileges. The training focuses on Azure AD’s use as an identity platform. The training does not cover Azure Resource manager abuses, except the parts where it intersects with Azure AD. While a range of (open source) tools are used during the training, the goal is to provide understanding of the inner workings, not just on knowing how to run tools.
Immersive learning of concepts and techniques to understand the inner workings of Azure AD, which can be applied during Azure AD pentests and red teams in hybrid environments.
Dirk-jan Mollema is a hacker and researcher of Active Directory and Azure AD security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research, and shares updates on the many open source security tools he has written over the years. He presented previously at TROOPERS, DEF CON, Black Hat and BlueHat and has been awarded as one of Microsoft’s Most Valuable Researchers multiple times.
Red teamers, blue teamers, penetration testers, security architects, IT professionals
The students should have some degree of existing knowledge of Windows, Active Directory, web based technologies such as REST API’s, and be familiar with command line based tools, virtual machines and HTTP inspection/crafting tools.
Laptop with a virtualization platform (such as VMWare) with a virtual machine that can be used for the labs in the training. Most labs can be done on both Windows and Linux virtual machines, but some require the use of Windows. Note that not all required tools will work on Windows on ARM, having a x64 virtual machine is preferred.
Trainees will receive the training materials (slides) in PDF form. The online labs will be available for a short period after the training, but not all exercises will be available due to the changing configuration of the lab.
Tuesday, 12 September 2023 – Day 1
Lecture 1 – Introduction
Lecture 2 – Azure AD components: Administrator roles and privileges
Wednesday, 13 September 2023 – Day 2
Lecture 3 – Azure AD components: data interfaces
Lecture 4 – Azure AD components: applications
Thursday, 14 September 2023 – Day 3
Lecture 5 – Identity security: Conditional Access
Lecture 6 – Primary refresh tokens and device identity
Friday, 15 September 2023 – Day 4
Lecture 7 – Hybrid environments
RomHack is made with 🤍 by Cyber Saiyan
Support us making a donation or becoming a member
[ Code of Conduct ]
Cyber Saiyan Ente del Terzo Settore – C.F. (FC) 97958200582 – VAT 14669161003