Workshop

Offensive Entra ID (Azure AD) and hybrid AD security

March 16th, 17th & 18th

3 days training by Dirk-jan Mollema
This training will be given in ENGLISH

Normal price: CHF 3000.
Student price: CHF 2250.- (limited availability)

Workshop with certification (35 credit hours)

Great news! If you are part of this workshop you also have access to both days of conference.

Description

In the last years, more and more companies adopted Entra ID (Azure AD) as an identity platform for their cloud services, often using their existing on-prem AD as a source for a hybrid setup. As a red teamer, penetration tester, or security architect, you are probably familiar with Active Directory security concepts. Entra ID is vastly different and is built around different concepts and protocols.

This training explains how organizations use Entra ID to manage modern cloud-based or hybrid environments and what security challenges this brings. It is the result of many years of research into the protocols and internals of Entra ID. It will give you the knowledge to analyze, attack, and secure Entra ID and hybrid setups from modern attacks.

The training is technical and deep-dives into core protocols such as OAuth2 and application concepts. It includes many hands-on exercises and labs, set up as challenges, to gain access to accounts and elevate privileges.

Book your spot now!

About the trainer

Dirk-jan Mollema

Dirk-jan Mollema is a security researcher focusing on Active Directory and Microsoft Entra (Azure AD) security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research, and shares updates on the many open source security tools he has written over the years. He presented previously at TROOPERS, DEF CON, Black Hat and BlueHat, is a current Microsoft MVP and has been awarded as one of Microsoft’s Most Valuable Researchers multiple times.

Follow the instructor:

LinkedIn | X | Bluesky

Course outline

Introduction into Entra ID and its role in the broader Azure ecosystems
The Entra ID cloud-only way of working and managing endpointsEntra ID identities – users, apps and devices
Entra ID roles, privileges and privileged security model
Entra ID data interfaces and tools
Entra ID application concepts, privilege model and OAuth2
Entra ID application abuse and vulnerabilities
Hybrid Entra ID environments, integration types and lateral movement
Conditional access – policy types, bypasses and best practices
Primary Refresh Tokens and how Windows handles them
Device identities and security enforcement
Entra ID joined Windows behaviour and security
Hardware enforced security with TPMs in Entra ID

The training focuses on Entra ID’s use as an identity platform. The training does not cover Azure Resource manager abuses, except the parts where it intersects with Entra ID. While a range of (open source) tools are used during the training, the goal is to provide understanding of the inner workings, not just on knowing how to run tools.

Course requirements

Workshop level

Intermediate

Who should attend

If you are a red teamer, apenetration tester, or a security architect, this workshop is for you.

Key takeaways

It will give you the knowledge to analyze, attack, and secure Entra ID and hybrid setups from modern attacks.

Course requirements

This course is meant for people with existing experience in Windows and AD security. While the course explains Azure AD concepts without requiring prior knowledge, general knowledge of HTTP protocols, REST APIs, command line tools and other basic offensive techniques are required for the labs. The hybrid labs assume prior knowledge of common Active Directory attack techniques, since the focus is on Azure AD and not on the on-premises Active Directory.