Outsider Security offers training courses for offensive and defensive security teams. Currently we are focusing on our offensive Azure AD and Hybrid AD security training, which is given as an in-person 3-day training. The training is primarily given to internal teams at organizations, for example internal red teams or offensive security companies that want to train their teams in Azure AD attacks. Public offerings of this training are also available, a list of dates is shown below.
In the past few years more and more companies adopted Azure AD as an identity platform for their cloud services, often using their existing on-prem AD as a source for a hybrid setup. As a red teamer, pentester, or security architect, you are probably familiar with Active Directory security concepts. Azure AD is vastly different and is built around different concepts and protocols.
This training explains how organizations use Azure AD to manage modern cloud-based or hybrid environments and what security challenges this brings. It is the result of many years of research into the protocols and internals of Azure AD. It will give you the knowledge to analyze, attack, and secure Azure AD and hybrid setups from modern threats. The training is technical and deep-dives into core protocols such as OAuth2 and application concepts. It includes many labs and hands-on exercises, set up as challenges to gain access to accounts and elevate privileges.
Public training offerings for 2024 are not yet available. If you are interesting in attending a public training, please let us know by email so we know which region to consider for future editions.
The training is divided in a 3-day program. The following topics are covered in the training:
This training is meant for a technical audience. The focus is on teaching concepts and techniques to understand the inner workings of Azure AD, which can be applied during Azure AD pentests and red teams in hybrid environments. Some familiarity with on-premises AD is preferred, basic knowledge of HTTP and using REST API's is required to take this training.
If you are interested in organizing this training at your organization or for your team, want to request a customized training on any Azure AD / Active Directory related topic, or have more questions about the offerings, contact us.