Hacking Azure: From Zero To Cloud Admin
Online, Available in English
Topics:
- Module 1 Azure Architecture and Tenant Fundamentals
- Module 2 Entra ID: Identities, Auth Flows, and App Registrations
- Module 3 The ARM Permission Model and Sensitive Permission Identification
- Module 4 Web Applications as Entry Points
- Module 5 Tenant Enumeration and Attack Path Mapping
- Module 6 Storage Accounts
- Module 7 Key Vault and ARM Template Secrets
- Module 8 Automation Accounts and Managed Identities
- Module 9 Azure DevOps: Pipeline Security
- Module 10 Function Apps and Logic Apps
- Module 11 Azure Container Instances
- Module 12 Persistence Techniques
Overview
Azure has become the dominant platform for enterprise infrastructure. As organisations migrate critical workloads to the cloud, the attack surface shifts from the network perimeter to the identity and permissions layer. Practitioners trained in traditional web and network security often find themselves without the vocabulary or hands-on experience to operate confidently in this environment. This two-day course is designed to close that gap.
Day 1 and the first half of Day 2 work through the
Azure attack surface service by service across twelve modules. Each module covers what a service does, where the attack surface lives, which ARM permissions matter, and how an attacker abuses misconfigurations in practice. Students leave each module with a working technique, not just a concept.
By the end of this course, the participant will be able to:
- Enumerate a tenant and map attack paths
- Abuse Storage Accounts and Key Vault
- Escalate privileges through Automation Account misconfigurations
- Move laterally across Azure DevOps, Function Apps, and Logic Apps
- Execute code inside Azure Container Instances
- Establish persistence that survives credential rotation
- Document Azure findings for a penetration test report