Cloud Penetration Testing with Azure - Master Initial Access

Name: Cloud Penetration Testing with Azure - Master Initial Access
Rating: 4.5 (492 reviews)

Become a cybersecurity expert with hands-on ethical hacking in Azure, using cloud-focused penetration testing techniques

Created byPavel Hrabec

Last updated 3/2026

English

What you'll learn

Set up and utilize phishing frameworks to bypass MFA
Implement device code phishing techniques
Create a pentesting lab for blob hunting
Identify domain names using different methods and tools
Understand Microsoft Entra ID and conduct reconnaissance from an outsider's perspective
Explore user enumeration techniques and Azure permissions in detai
Learn to protect against initial access threats
Implement conditional access policies
Safeguard cloud environments
Engage in practical labs and exercises to apply learned techniques
Utilize a variety of tools, including AAD Internals, O365Spray, EvilGinx, GraphSpy, and more.
Set up and exploit cloud environments to gain practical hacking experience
Modify and adapt techniques to launch powerful attacks in diverse scenarios.
Build a strong foundation in ethical hacking and penetration testing, specifically for Azure environments.
Analyze and exploit Azure Cloud

Course content

5 sections • 46 lectures • 3h 5m total length

Introduction1:37
Explore cloud penetration testing by building a hands-on lab, performing reconnaissance, testing brute force, password spray, and phishing, and blob hunting to identify initial access and insecure storage.

Kickstarting Your Pentesting Lab with FREE Microsoft 365 in Azure6:18
Secure Your Admin Pentesting Account2:07
Activate Free Azure Subscription with 200$ FREE Credit2:17
Setting Up Entra ID User Accounts for Effective Pentesting7:39
Set up Entra ID user accounts for pentesting with a PowerShell script, install the Azure AD PowerShell module, configure prerequisites, create users, enforce MFA, and verify in the Azure portal.

Domain Name Discovery: Methods and Tools1:17
Introduction to AAD Internals4:01
Essential Methods for Getting Domains2:11
Enumerate an organization's domains using get add internet domains and Autodiscover to reveal Microsoft 365 exchange online domains, such as Cisco and Meraki, highlighting potential phishing risks from spoofed domains.
Accessing OpenID Information Made Simple2:28
Microsoft Entra ID Explained2:27
Reconnaissance of Azure from an Outsider's Perspective4:11
Microsoft Entra ID Roles and Azure Permissions Explained5:53
Understanding Naming Convention Essentials1:45
Understand various naming conventions for user and administrative accounts, including dots, letters, and prefixes like ADM-, and learn to replicate a schema for enumeration in a pen test environment.
Exploring User Enumeration as an Outsider2:25
Conducting User Enumeration on Multiple Accounts from Outside1:20

Understanding Brute Force Attack Technique2:58
Explore brute force and password spray as methods to gain account access, and learn how Azure's smart lockout and long passwords protect against such attacks.
Password Spray Attacks Explained2:20
Step-by-Step Guide Performing a Password Spray Attack16:05
Introduction to Phishing Framework to Bypass MFA1:06
Understanding the Prerequisites for Phishing Lab0:54
Setting Up Infrastructure for EvilGinx4:04
Evilginx Installation Guide for Pentesters9:41
Setting Up MFA Before Phishing Attempt2:29
Executing Phishing Attacks Using EvilGinx4:53
Device Code Phishing Techniques2:15
Understanding GraphSpy: Overview and Application3:00
GraphSpy Installation and Configuration3:18
Executing Device Code Phishing Attacks6:49
Introduction to Storage Hunting0:49
Cloud Storage Account Explained4:12
Creating Pentesting Lab for Blob Hunting3:56
Setting up Pentesting Tool to Exploit Blob Storage2:16
Set up the microburst pentesting tool in Azure to hunt for blob storage, after installing prerequisites, cloning the repository, and importing the modules in Visual Studio Code.
How to Exploit Cloud Storage Account4:39
Explore how to enumerate Azure blobs, identify storage accounts and containers, and retrieve blob data to assess exposure of sensitive information.
Other Tools for Blob Hunting2:55
Predictable Resource Location Attack with FeroxBuster4:15
Demonstrates a predictable resource location attack in cloud testing with Azure, using FeroxBuster to scan a domain with a word list and reveal a secret file inside a public container.

Initial Access Threat Protection0:27
Strengthening Your Security Against Brute Force Attacks5:57
Block brute force sign-ins with smart lockout policies and conditional access by location, then use identity protection, password protection, and Microsoft Sentinel to detect and respond to threats.
Password Spray Attack Prevention3:01
Techniques and Tools to Prevent Phishing Attack4:13
Protection against EvilGinx4:27
Explore modern phishing threats like EvilGinx and defend with training, multi-factor authentication, and conditional access policies that enforce token protection and device and location checks for privileged access.
Conditional Access Policies Explained7:04
Advantage of Identity Protection2:01
Demonstrate identity protection in Microsoft Entra id p2, evaluating sign in risk from location, device, and app to enforce conditional access and block high risk access with low false positives.
Device Code Abuse Protection2:20
Implementation of Conditional Access13:03
Explore how to configure conditional access policies in the Azure portal, including named locations, IP ranges, phishing resistant MFA, device conditions, and policy assignment scopes.
Protection Against Blob Hunting7:41
BONUS: Become AI Security Expert4:08

Requirements

Interest in Cybersecurity
Willingness to Learn
Basic Understanding of Networking

Description

Welcome to "Cloud Penetration Testing with Azure - Master Initial Access," your ultimate guide to mastering cloud-specific penetration testing and ethical hacking in Microsoft Azure. Designed for all skill levels, this course combines comprehensive theoretical knowledge with hands-on practical exercises to enhance your cloud security expertise with NO prior cloud knowledge required.

This course is ideal for both beginners and experienced cybersecurity professionals looking to deepen their knowledge and skills in cloud security.

We begin by setting up your pentesting lab environment using FREE Microsoft 365 and Azure subscriptions. You'll secure admin accounts, configure Entra ID user accounts, and leverage tools like AAD Internals for effective reconnaissance and target identification.

Our focus then shifts to mastering initial access techniques within Azure environments. You'll master methods such as brute force attacks, password spraying, and sophisticated phishing strategies using tools like EvilGinx and GraphSpy.

You will exploit Azure cloud storage by setting up a pentesting lab for blob hunting, using tools like MicroBurst and ForexBuster to perform predictable resource location attacks.

Throughout the course, you'll use a variety of powerful tools, including PowerShell scripts to setup lab for penetration testing.

You will learn how to use following tools:

AAD Internals
O365Spray
Evilginx
GraphSpy
MicroBurst
FeroxBuster
and more...

The practical approach ensures you can apply your skills directly to Azure environments.

By the end of this course, you'll have a solid foundation in cloud penetration testing, equipping you with the knowledge and tools to detect, prevent, and secure cloud environment effectively.

Who this course is for:

Cybersecurity Architects
Penetration Testers
Cybersecurity Professionals
Cloud Architects
Cloud Security Engineers
Ethical Hackers
Anybody interested in Cloud Security
Anyone interested in Ethical Hacking

Cloud Penetration Testing with Azure - Master Initial Access

What you'll learn

Explore related topics

Course content

Introduction1 lecture • 2min

Setting Up Your Pentesting Lab Environment4 lectures • 18min

Azure Reconnaissance - Identifying Targets and Gathering Intel10 lectures • 28min

Cracking the Cloud - Initial Access Techniques in Azure20 lectures • 1hr 23min

Cloud Security Options for Mitigation and Prevention11 lectures • 54min

Requirements

Description

Who this course is for: