introduction
Get Your Head in the Clouds!
Have you found yourself in a job role needing to attack or defend Azure architecture? Has your fast-paced organization moved to the cloud while leaving security to catch up? Azure: Security Fundamentals cuts through the fog of the cloud by building participants’ understanding of Azure’s infrastructure components, common architecture designs, and security controls in the context of the attacker lifecycle. Through hands-on labs, this course also teaches participants how to identify misconfigurations in Azure that are commonly leveraged by attackers. Participants should expect to walk away from Azure: Security Fundamentals with a strong foundation of Azure security knowledge and first step on their journey of attacking or defending corporate Azure environments.
course summary
Azure Security Fundamentals
This course will teach participants the fundamentals of Azure, with a focus on security informed by attacker insight. Participants will build on this knowledge through an understanding of how Azure architectures, like solely cloud-based environments or hybridized on-premises and Azure environments, can affect the overall security of an environment. Participants reinforce what they learn through hands-on labs throughout the course and through guidance given by SpecterOps practitioners instructing the class.
Day 1
- Class Introduction
- Azure Basics
- Accounts and Identities
- Roles
- Groups
Day 2
- Function Apps
- Microsoft 365
- Virtual Machines
- MS Graph
Day 3
- OAuth
- Authentication Mechanisms
- Credential and Identity Syncing Mechanisms
Day 4
- Conditional Access Policies
- External Information Gathering
- Credential Collection
- Attack Lifecycle
Overview
Organizations are increasingly adopting cloud-based infrastructure for some or all of its corporate production network. Microsoft’s Azure provides organizations with the ability to deploy cloud hosts and services to augment or replace existing functionality. More cloud resources implemented means more cloud resources needing protecting, through defensive or offensive security, but understanding how these new technologies work and the nuances of securing them can quickly become complicated.
Azure Security Fundamentals aims to provide participants without previous Azure experience with a solid foundational understanding of Microsoft Azure, its common architectures, its authentication mechanisms, and how adversaries commonly attack Azure-based environments.
Training Participants
Who Should Take This Course
Azure Security Fundamentals is intended for security professionals of any experience level looking to learn more about the foundations of Azure security and common attacks against it.