SEC-T - 0x10sion

10-13th of September 2024

Offensive Entra ID (Azure AD) and hybrid AD security

Over the past years, more and more companies have adopted Microsoft Entra (formerly Azure AD) as an identity platform for their cloud services, often using their existing on-prem Active Directory as a source for a hybrid setup. As a red teamer, pentester, or security architect, you are probably familiar with Active Directory security concepts. Entra ID is vastly different and is built around different concepts and protocols.

This training explains how organizations use Entra ID to manage modern cloud-based or hybrid environments and what security challenges this brings. It is the result of many years of research into the protocols and internals of Entra ID. It will give you the knowledge to analyze, attack, and secure Entra ID and hybrid setups from modern threats. The training is technical and deep-dives into core protocols such as OAuth2 and application concepts. It includes many labs and hands-on exercises, set up as challenges to gain access to accounts and elevate privileges.

Agenda

Attendee requirements – skills

This course is meant for people with existing experience in Windows and AD security. While the course explains Azure AD concepts without requiring prior knowledge, general knowledge of HTTP protocols, REST APIs, command line tools and other basic offensive techniques is required for the labs. The hybrid labs assume prior knowledge of common Active Directory attack techniques, since the focus is on Azure AD and not on the on-premises Active Directory.

Attendee requirements – technical

For the training you will need to bring a laptop, ideally one that can run virtual machines. The recommended setup involves installing VMware Workstation (free trial available) or VMware Player (free) and creating a Windows- or Linux-based virtual machine. If you are unsure which to choose, I recommend going with a Windows virtual machine.
If you are using your corporate machine, make sure that you have admin rights to install tools and that you have unrestricted internet access to set up a VPN to the lab and access the training portals.