Cloud Red Team Tactics for Attacking & Defending Azure - Advanced 2025

Cloud Red Team Tactics for Attacking & Defending Azure - Advanced​

Azure is widely used by enterprises for a variety of purposes. There is a huge offering of services across various categories in Azure - Identity, Compute, Networking, Storage, Databases, Analytics, Security and many more.



Azure, like any other cloud, changes rapidly and Microsoft keeps adding new defenses both as improvements and new security service offerings.



This advanced class is designed to help security professionals to understand, analyze and practice attacks in an enterprise-like live Azure environment that has effective security controls in place.

The class also focuses on abuse of JWT signing, Family of Client IDs (FOCI), Attribute Based Access Control (ABAC), Temporary Access Password (TAP), Custom Claims, Cross Tenant Access, Azure Lighthouse, Azure ARC, Multi-Cloud Access, Tokens form Office Applications and traffic and Abuse of Kerberos in Entra ID.



Knowing how to attack and defend Azure is a highly sought after skill. Being able to do that against a secure environment is even more critical. This capability demonstrates a deep understanding of Azure red teaming concepts! This class aims to take your Azure Red Team skills to the next level.

What's Included​

• Access to a multi-tenant lab (One/Two/Three months) with live Azure environment. Lab can be accessed using a web browser or VPN.
• A ready to use student VM in the cloud that has all the tools pre-installed.
• Life time access to all the learning material (including course updates).
• 16+ hours of video course with English captions.
• Course slides.
• Lab manual.
• Kill chain diagrams.
• Walk-through videos.
• One exam attempt for Certified by Altered Security Red Team Expert for Azure (CARTE).
• Support on email and Discord.

What will you Learn?​

You will be able to practice and sharpen popular tactics, techniques and procedures (TTPs) for Azure environments. In addition, you will learn how to bypass security controls like Advanced Conditional Access Policies, Multiple ways to bypass MFA that is enforced using different methods, Privileged Identity Management (PIM) and Microsoft Defender for Cloud.



A true step-up in Azure red team training, this course and HUGE lab helps you in understanding and executing some unique and advanced attacks when industry-recommended defenses are actively configured.

• The course lab runs on a live Azure environment. Therefore, whatever you learn in the lab is immediately applicable to your job.
• Practice attacks on Azure in a unique live lab environment that has multiple Azure tenants, different resources including hybrid identity and on-prem infrastructure and access to Defender for Cloud for Azure resources.
• The lab environment makes heave use of recommended security features like Conditional Access Policies, MFA and Defender for Cloud. You learn how to evade these defenses.
• There are 4 independent ‘Kill Chains’ included in the lab environment! Students can play for hours and solve the lab with different approaches.
• The lab has multiple User simulations for practicing attacks like Device Code Phishing, Illicit Consent Grant, AiTM phishing and other attacks.
• The focus of the course and lab is abuse of features. This means that whatever you learn in the course would have a very long shelf life.
• Understand the defenses available to counter the discussed attacks and analyze the footprints of the attackers!