On-site training by Outsider Security

Outsider Security offers training courses for offensive and defensive security teams. Currently we are focusing on our offensive Entra ID (Azure AD) and Hybrid AD security training, which is given as an in-person 3-day training. The training is primarily given to internal teams at organizations, for example internal red teams or offensive security companies that want to train their teams in Microsoft Entra attacks. Public offerings of this training are also available; a list of dates is shown below.

Training: Offensive Entra ID (Azure AD) and hybrid AD security

Over the past years, more and more companies have adopted Microsoft Entra (formerly Azure AD) as an identity platform for their cloud services, often using their existing on-prem Active Directory as a source for a hybrid setup. As a red teamer, pentester, or security architect, you are probably familiar with Active Directory security concepts. Entra ID is vastly different and is built around different concepts and protocols.

This training explains how organizations use Entra ID to manage modern cloud-based or hybrid environments and what security challenges this brings. It is the result of many years of research into the protocols and internals of Entra ID. It will give you the knowledge to analyze, attack, and secure Entra ID and hybrid setups from modern threats. The training is technical and deep-dives into core protocols such as OAuth2 and application concepts. It includes many labs and hands-on exercises, set up as challenges to gain access to accounts and elevate privileges.

Public training offerings

The following public events are currently open for registration:

Syllabus

The training is divided into a 3-day program. The following topics are covered in the training:

  • Introduction to Microsoft Entra ID and its role in the broader Azure ecosystem
  • Entra ID identities - users, apps and devices
  • Entra ID roles, privileges and privileged security model
  • Modern authentication, device management and device compliance
  • Entra ID data interfaces and tools
  • Entra ID application concepts, privilege model and OAuth2
  • Entra ID application abuse and vulnerabilities
  • Hybrid Entra ID environments, integration types and lateral movement
  • Conditional access - policy types, bypasses and best practices
  • Primary Refresh Tokens and their abuse
  • Device code phishing and PRT phishing
  • Entra ID device internals and security
  • Windows Hello internals and abuse

Audience

This training is meant for a technical audience. The focus is on teaching concepts and techniques to understand the inner workings of Entra ID, which can be applied during Entra ID pentests and red teams in hybrid environments. Some familiarity with on-premises AD is preferred; basic knowledge of HTTP and of using REST APIs is required to take this training. The training has also been given several times for a blue team audience, with a bigger focus on the general concepts and prevention rather than technical abuse details.

Get in touch

If you are interested in organizing this training at your organization or for your team, want to request a customized training on any Entra ID / Active Directory related topic, or have more questions about the offerings, contact us.