BHIS LIVE! | Getting Started in Pentesting The Cloud: Azure | Beau Bullock (1-Hour)
Вставка
- Опубліковано 29 вер 2024
- Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
EDITED EDITION Now available: • EDITED EDITION - Getti...
36:31 - Webcast officially starts
In this Black Hills Information Security (BHIS) webcast, you will learn tools and techniques for performing penetration tests against Microsoft Azure environments.
Increasingly, more organizations are migrating resources to being hosted in the cloud. With this comes a greater potential for misconfiguration if there isn’t a solid understanding of the attack surface. While there are many similarities between traditional on-premises pentesting and cloud-based pentesting, the latter is an animal of its own. This webcast will attempt to clear up some of the fogginess around cloud-based pentesting, specific to Microsoft Azure environments, including Microsoft 365.
In order to adequately determine the attack surface, the appropriate coverage areas will be highlighted. Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges. Conditional access policies are great for defining different scenarios for how users can authenticate securely but can also be misconfigured. There are security protections for stopping certain password attacks but some of these can be bypassed. Ultimately, a methodology for testing Azure environments along with tools and techniques will be presented in this talk.
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchan...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-gen...
Black Hills Infosec Services
Active SOC: www.blackhills...
Penetration Testing: www.blackhills...
Incident Response: www.blackhills...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsa...
Play B&B Online: play.backdoors...
Antisyphon Training
Pay What You Can: www.antisyphon...
Live Training: www.antisyphon...
On Demand Training: www.antisyphon...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhills...
Wild West Hackin' Fest UA-cam: / wildwesthackinfest
Active Countermeasures UA-cam: / activecountermeasures
Antisyphon Training UA-cam: / antisyphontraining
Starts at 39:00 you're welcome
Tanks!
Excellent content!
Even though I took the SANS Cloud Pentesting course last year, I'm seriously considering the BHIS course.
I did both courses. The Breaching the Cloud Course gets you way more for you money and does not fill content with basic pentesting stuff that basically everyone taking the SANS course already knows.
Thanks again BHIS for another great presentation. I can only assume the down votes are from bots. Keep up the great work!
there's always ONE. that ONE "person" who hates all the things.
Quality content as usual. There are some good resources out there on Azure security but this talk summarizes it exceptionally.
The 16 hr class was amazing, I still review notes.
Was also really helpful getting the CARTP cert