In this Black Hills Information Security (BHIS) webcast, you will learn tools and techniques for performing penetration tests against Microsoft Azure environments.

Increasingly, more organizations are migrating resources to being hosted in the cloud. With this comes a greater potential for misconfiguration if there isn’t a solid understanding of the attack surface. While there are many similarities between traditional on-premises pentesting and cloud-based pentesting, the latter is an animal of its own. This webcast attempts to clear up some of the fogginess around cloud-based pentesting, specific to Microsoft Azure environments, including Microsoft 365.

In order to adequately determine the attack surface, the appropriate coverage areas are highlighted. Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges. Conditional access policies are great for defining different scenarios for how users can authenticate securely but can also be misconfigured. There are security protections for stopping certain password attacks but some of these can be bypassed. Ultimately, a methodology for testing Azure environments along with tools and techniques are presented in this talk.

00:00 – FEATURE PRESENTATION: Getting Started in Pentesting the Cloud – Azure

02:32 – WHOAMI (https://www.nobandwidth.io)

03:20 – Talk Roadmap

05:33 – Why Azure?

08:06 – Identifying Attack Surface

12:50 – Recon & External Attacks

19:31 – Password Attacks

21:37 – Password Protection & Smart Lockout

23:05 – Authentication

26:52 – Conditional Access Policies & MFA

34:11 – Post Compromise