Cloud Penetration Testing with Azure - Master Initial Access
- Description
- Curriculum
- FAQ
- Reviews
Welcome to “Cloud Penetration Testing with Azure – Master Initial Access,” your ultimate guide to mastering cloud-specific penetration testing and ethical hacking in Microsoft Azure. Designed for all skill levels, this course combines comprehensive theoretical knowledge with hands-on practical exercises to enhance your cloud security expertise with NO prior cloud knowledge required.
This course is ideal for both beginners and experienced cybersecurity professionals looking to deepen their knowledge and skills in cloud security.
We begin by setting up your pentesting lab environment using FREE Microsoft 365 and Azure subscriptions. You’ll secure admin accounts, configure Entra ID user accounts, and leverage tools like AAD Internals for effective reconnaissance and target identification.
Our focus then shifts to mastering initial access techniques within Azure environments. You’ll master methods such as brute force attacks, password spraying, and sophisticated phishing strategies using tools like EvilGinx and GraphSpy.
You will exploit Azure cloud storage by setting up a pentesting lab for blob hunting, using tools like MicroBurst and ForexBuster to perform predictable resource location attacks.
Throughout the course, you’ll use a variety of powerful tools, including PowerShell scripts to setup lab for penetration testing.
You will learn how to use following tools:
-
AAD Internals
-
O365Spray
-
Evilginx
-
GraphSpy
-
MicroBurst
-
FeroxBuster
-
and more…
The practical approach ensures you can apply your skills directly to Azure environments.
By the end of this course, you’ll have a solid foundation in cloud penetration testing, equipping you with the knowledge and tools to detect, prevent, and secure cloud environment effectively.
-
6
Domain Name Discovery: Methods and Tools -
7
Introduction to AAD Internals
-
8
Essential Methods for Getting Domains
-
9
Accessing OpenID Information Made Simple
-
10
Microsoft Entra ID Explained
-
11
Reconnaissance of Azure from an Outsider's Perspective
-
12
Microsoft Entra ID Roles and Azure Permissions Explained
-
13
Understanding Naming Convention Essentials
-
14
Exploring User Enumeration as an Outsider
-
15
Conducting User Enumeration on Multiple Accounts from Outside
-
16
Understanding Brute Force Attack Technique
-
17
Password Spray Attacks Explained
-
18
Step-by-Step Guide Performing a Password Spray Attack
-
19
Introduction to Phishing Framework to Bypass MFA
-
20
Understanding the Prerequisites for Phishing Lab
-
21
Setting Up Infrastructure for EvilGinx
-
22
Evilginx Installation Guide for Pentesters
-
23
Setting Up MFA Before Phishing Attempt
-
24
Executing Phishing Attacks Using EvilGinx
-
25
Device Code Phishing Techniques
-
26
Understanding GraphSpy: Overview and Application
-
27
GraphSpy Installation and Configuration
-
28
Executing Device Code Phishing Attacks
-
29
Introduction to Storage Hunting
-
30
Cloud Storage Account Explained
-
31
Creating Pentesting Lab for Blob Hunting
-
32
Setting up Pentesting Tool to Exploit Blob Storage
-
33
How to Exploit Cloud Storage Account
-
34
Other Tools for Blob Hunting
-
35
Predictable Resource Location Attack with FeroxBuster
