Adversary Perspectives: Azure - February 2026 (Virtual; ET)

Before you can emulate or defend against the tactics of an adversary operating in Azure, first you must understand their perspective. How do premiere security operators view Azure’s infrastructure components, common architecture designs, and security controls? Through hands-on labs, this course teaches participants how to identify misconfigurations in Azure that are commonly leveraged by attackers. Participants should expect to walk away from Adversary Perspectives: Azure with a strong foundation of Azure security knowledge and first step on their journey of attacking or defending corporate Azure and Entra (Azure AD) environments. 

Course Summary

Organizations have their heads in the clouds, or at least their infrastructure. Gone are the days of on-prem domain controllers and Exchange servers. Microsoft’s Azure provides organizations with the ability to deploy cloud hosts and services to augment, or in some cases, replace existing functionality completely. All of these new cloud assets need protection, both through traditional defensive security measures, and offensive security assessments. For new and veteran security professionals alike, understanding how these new technologies work and the nuances of securing them can quickly become complicated. 

Adversary Perspectives: Azure aims to provide participants without previous Azure experience with a solid understanding of how attackers look at Microsoft Azure, its authentication mechanisms, and how they commonly attack Azure-based environments. 

Course Syllabus

Day 1 

• Class Introduction 

• Azure Basics 

• Accounts and Identities 

• Roles 

• Groups 

Day 2 

• Function Apps 

• Microsoft 365 

• Virtual Machines 

• MS Graph 

Day 3 

• Hybrid Authentication 

• Azure Authentication Flows 

• OAuth 

• Passwordless Authentication 

• Multi-Factor Authentication 

Day 3 

• OAuth 

• Authentication Methods in Azure 

• Credential and Identity Sync Mechanisms

Day 4

• Conditional Access Policies 

• External Information Gathering 

• Credential Collection 

• Attack Lifecycle 
  

Participant Requirements

Adversary Perspectives: Azure is the first installment in the SpecterOps Adversary Perspectives series. Known for our Adversary Tactics courses, we realized that there is often a gap of understanding that needs to be bridged before a practitioner is ready to start taking offensive or defensive actions in a particular environment. While other courses aim to simply build basic knowledge from a general user standpoint, this Adversary Perspectives class looks to teach security professionals from the viewpoint of an attacker. Don’t just look at your security posture in Azure, actually understand the abuse mechanisms and holistic security of your deployment. Participants will build on this knowledge through an understanding of how Azure architectures, like solely cloud-based environments or hybridized on-premises and Azure environments, can affect the overall security of an environment. Throughout the course, participants will reinforce what they learn through hands-on labs and instruction given by SpecterOps practitioners. 

FAQs

How can I contact the organizer with any questions?

Please email training@specterops.io with any questions.  

What's the refund policy?

Full refunds will be provided up to 7 days before the course start date.

What are the hardware requirements for attending the course?

Courses are based in the SpecterOps training portal and accessible via an internet connection; no VMs are required for labs. The following are recommended hardware requirements:

• Internet Connection

• 8GBs of RAM

• Modern Web Browser capable of rendering HTML5