Outsider Security offers training courses for offensive and defensive security teams. Currently we are focusing on our offensive Azure AD and Hybrid AD security training, which is given as an in-person 3-day training. For now, the training is only given to internal teams at organizations, for example internal red teams or offensive security companies that want to train their teams in Azure AD attacks. Public offerings of this training are considered but there are no scheduled events yet.
In the past few years more and more companies adopted Azure AD as an identity platform for their cloud services, often using their existing on-prem AD as a source for a hybrid setup. As a red teamer, pentester, or security architect, you are probably familiar with Active Directory security concepts. Azure AD is vastly different and is built around different concepts and protocols.
This training explains how organizations use Azure AD to manage modern cloud-based or hybrid environments and what security challenges this brings. It is the result of many years of research into the protocols and internals of Azure AD. It will give you the knowledge to analyze, attack, and secure Azure AD and hybrid setups from modern threats. The training is technical and deep-dives into core protocols such as OAuth2 and application concepts. It includes many labs and hands-on exercises, set up as challenges to gain access to accounts and elevate privileges.
The training is divided in a 3-day program. The following topics are covered in the training:
This training is meant for a technical audience. The focus is on teaching concepts and techniques to understand the inner workings of Azure AD, which can be applied during Azure AD pentests and red teams in hybrid environments. Some familiarity with on-premises AD is preferred, basic knowledge of HTTP and using REST API's is required to take this training.
If you are interested in organizing this training at your organization or for your team, want to request a customized training on any Azure AD / Active Directory related topic, or have more questions about the offerings, contact us.