Adversary Perspectives - Azure

Important
After reading the material, use the following resources to prepare for your specific delivery:
Assumed Knowledge
The focus for this course is Azure Resource Manager and Microsoft Entra ID. This course assumes familiarity with traditional on-premises Active Directory, Kerberos, and basic cloud concepts. If this is your first time with these concepts, we recommend reviewing these resources prior to the course delivery.
- Sean Metcalf’s ADSecurity Blog
- Microsoft Kerberos Authentication Overview
- Active Directory Attack and Defense
- BloodHound
- Microsoft Azure Fundamentals: Describe cloud concepts
Authentication
Both the lectures and the labs focus heavily on authentication. Authentication concepts will be explained to students in detail, but because the topic can be complex, we recommend the following resources to get started:
- Microsoft identity platform and OAuth 2.0 authorization code flow
- Which OAuth 2.0 Flow should I use?
- Vulnerable-OAuth-2.0-Applications
- Practical OpenID Connect Pentesting
- Lab OAuth SSRF via OpenID Dynamic Client Registration
- OAuth 2.0 - Authorization Code flow
- OAuth 2.0 and OpenID Connect (in plain English)
Course Caveats
- This is a security-focused Azure and Microsoft Entra ID course
- It does not cover attack kill chains in detail, but it does provide insights
- There are some concepts which are not covered
- We simply do not have time to cover everything
- The labs are artificial environments
- Labs are purposefully designed to have misconfigurations and have limitations based on what we can replicate
- Exceptions and outliers for special circumstances are not covered