Get Your Head in the Clouds!
Have you found yourself in a job role needing to attack or defend Azure architecture? Has your fast-paced organization moved to the cloud while leaving security to catch up? Azure: Security Fundamentals cuts through the fog of the cloud by building participants’ understanding of Azure’s infrastructure components, common architecture designs, and security controls in the context of the attacker lifecycle. Through hands-on labs, this course also teaches participants how to identify misconfigurations in Azure that are commonly leveraged by attackers. Participants should expect to walk away from Azure: Security Fundamentals with a strong foundation of Azure security knowledge and first step on their journey of attacking or defending corporate Azure environments.
Azure Security Fundamentals
This course will teach participants the fundamentals of Azure, with a focus on security informed by attacker insight. Participants will build on this knowledge through an understanding of how Azure architectures, like solely cloud-based environments or hybridized on-premises and Azure environments, can affect the overall security of an environment. Participants reinforce what they learn through hands-on labs throughout the course and through guidance given by SpecterOps practitioners instructing the class.
- Class Introduction
- Azure Basics
- Accounts and Identities
- Function Apps
- Microsoft 365
- Virtual Machines
- MS Graph
- Hybrid Authentication
- Azure Authentication Flows
- Passwordless Authentication
- Multi-Factor Authentication
- OAuth Authorization Code Grant Abuseable URLs
- Conditional Access Policies
- External Information Gathering
- Credential Collection
- Attack Lifecycle
Organizations are increasingly adopting cloud-based infrastructure for some or all of its corporate production network. Microsoft’s Azure provides organizations with the ability to deploy cloud hosts and services to augment or replace existing functionality. More cloud resources implemented means more cloud resources needing protecting, through defensive or offensive security, but understanding how these new technologies work and the nuances of securing them can quickly become complicated.
Azure Security Fundamentals aims to provide participants without previous Azure experience with a solid foundational understanding of Microsoft Azure, its common architectures, its authentication mechanisms, and how adversaries commonly attack Azure-based environments.
Who Should Take This Course
Azure Security Fundamentals is intended for security professionals of any experience level looking to learn more about the foundations of Azure security and common attacks against it.
The course assumes no prior Azure knowledge, though participants should have a basic familiarity with cloud concepts and would benefit from previous exposure to an enterprise Azure environment.
What Participants Should Bring
Participants must provide their own computer with a modern web browser installed to access training materials and complete the course’s labs. The SpecterOps training platform URL (https://specterops.training) must be accessible from the participant’s computer throughout the duration of the course.
There are no local virtual machines or special software required to fully participate in the course or labs.
During the course, participants will be provided access to a range to perform course labs and goals.
Upon completion of the course, participants are provided with a copy of course slides, copies of solution guides/videos, and a certificate of completion.