Microsoft Cloud Attack and Defense Bootcamp
Get hands-on experience with attacking and defending Azure & M365 in a live 4-week-long instructor-led bootcamp. Attempt the Microsoft Cloud Red Team Professional (MCRTP) certification and prove your skills.
Already enrolled? Access here
Microsoft Cloud Attack and Defense Bootcamp Overview
Microsoft Cloud is much more than just Azure!
This comprehensive 4-week bootcamp and its structured learning path provide students with foundational concepts, essential security tools and techniques, and instruction in attacking and defending Azure and Microsoft 365 environments.
Upon successfully completing the Microsoft Cloud Attack and Defense bootcamp and its associated learning path, you'll be prepared to demonstrate your skills in the exam lab. This fully hands-on, unproctored exam challenges you to apply your newfound expertise to complete an exploitation chain and get the flag.
The exam environment is dynamic, with the flag and scenario changing periodically to ensure the credibility of the Microsoft Cloud Red Team Professional (MCRTP) certification when applying for Azure security roles.
Prerequisites and key learning outcomes
You should know your way around the Windows or Linux command line! Familiarity with Azure is helpful but not required.
Students who successfully complete the 4-week bootcamp and structured learning path, and subsequently pass the exam to earn the Microsoft Cloud Red Team Professional (MCRTP) certification, have demonstrated proficiency in the following areas:
- Understanding key Azure, Entra ID and Microsoft Graph concepts
- Leveraging Azure resources to gain initial access and move laterally
- Using modern phishing frameworks to gain initial access
- Performing token abuse for lateral movement
- Hands-on purple teaming in Azure
- Increasing resource access through Office/Microsoft 365
- Exploiting Conditional Access Policy / MFA enablement gaps
- Attacking and defending Azure App Services
- Creating Azure and Microsoft 365 tenant security reports
- Detecting threats with Microsoft Sentinel
- Lateral Movement from Azure to on-premises AD, and back!
Azure & M365 security learning path
In addition to the live, instructor-led bootcamp, students get access to a fully structured learning path covering penetration testing in Azure and Microsoft 365. This includes access to selected premium Azure security labs.
If you aspire to become a penetration tester, red team operator or cloud security professional focused on Azure and M365, this learning path has been created for you!
- Lifetime access to the bootcamp recordings and custom content, and 45 days lab access. Lab access can be extended for $20 per month with a Pwned Labs Pro subscription.
- Complete the bootcamp and learning path to prepare for the Microsoft Cloud Red Team Professional (MCRTP) certification. More information on the bootcamp, learning path and MCRTP exam can be found on the FAQs page.
Focus on trending techniques and tradecraft
The Microsoft Cloud Attack and Defense bootcamp showcases trending techniques and tradecraft used by real threat actors, including Storm-0558 and APT-29. The realistic labs simulate actual company environments and active users across Azure and Microsoft 365, that you are likely to come across during engagements or in your own organization.
- Identify, replicate and detect tradecraft from recent cloud breaches
- Explore various methods to complete the same tasks and become tool-agnostic
- Learn how to evict threats and rotate/reset various forms of credentials
Get to know your trainer
Ian Austin is a security researcher and educator with a career spanning over 20 years in technical, security and leadership roles for global enterprises.
Ian was Head of Content at Hack The Box, a leading online platform for cybersecurity training and assessment. He also participated in the Green Team of Locked Shields, a NATO cyber defense exercise, contributing to the design and execution of realistic scenarios.
He is the founder of Pwned Labs, providing gamified and immersive cloud security labs for red and blue teams - https://pwnedlabs.io
What previous participants have said
Sessions schedule (November 2024 Batch)
This live bootcamp is delivered quarterly. The November batch of the Microsoft Cloud Attack and Defense Bootcamp runs for 4 weeks, starting November 9th through to November 30th. The 4-hour, instructor-led live classes will take place using Zoom, and in private chat channels available in the Pwned Labs Discord. You'll receive an email after purchase with all the information you need to participate, including a breakdown of each session.
Can't make a session? We've got you! A Zoom recording will be available to watch and catch up a couple of hours after the end of each session.
- Live session 1: Saturday, November 9 @ 5pm-9pm UTC
- Live session 2: Saturday, November 16 @ 5pm-9pm UTC
- Live session 3: Saturday, November 23 @ 5pm-9pm UTC
- Live session 4: Saturday, November 30 @ 5pm-9pm UTC
Microsoft Cloud Attack and Defense Bootcamp
Get hands-on experience with attacking and defending Azure & M365 environments in a live 4-week-long instructor-led bootcamp. Attempt the Microsoft Cloud Red Team Professional (MCRTP) certification and prove your skills.
Already enrolled? Access here
Microsoft Cloud Attack and Defense Bootcamp Overview
Microsoft Cloud is much more than just Azure!
This comprehensive 4-week bootcamp and its structured learning path provide students with foundational concepts, essential security tools and techniques, and instruction in attacking and defending Azure and Microsoft 365 environments.
Upon successfully completing the Microsoft Cloud Attack and Defense bootcamp and its associated learning path, you'll be prepared to demonstrate your skills in the exam lab. This fully hands-on, unproctored exam challenges you to apply your newfound expertise in the hunt for flags.
The exam environment is dynamic, with flags and scenarios changing periodically to ensure the credibility of the Microsoft Cloud Red Team Professional (MCRTP) certification when applying for Azure security roles.
Prerequisites and key learning outcomes
You should know your way around the Windows or Linux command line! Familiarity with Azure is helpful but not required.
Students who successfully complete the 4-week bootcamp and structured learning path, and subsequently pass the exam to earn the Microsoft Cloud Red Team Professional (MCRTP) certification, have demonstrated proficiency in the following areas:
- Understanding key Azure, Entra ID and Microsoft Graph concepts
- Leveraging Azure resources to gain initial access and move laterally
- Using modern phishing frameworks to gain initial access
- Performing token abuse for lateral movement
- Hands-on purple teaming in Azure
- Increasing resource access through Office/Microsoft 365
- Exploiting Conditional Access Policy / MFA enablement gaps
- Attacking and defending Azure App Services
- Creating Azure and Microsoft 365 tenant security reports
- Detecting threats with Microsoft Sentinel
- Lateral Movement from Azure to on-premises AD, and back!
Azure & M365 security learning path
In addition to the live, instructor-led bootcamp, students get access to a fully structured learning path covering penetration testing in Azure and Microsoft 365. This includes access to selected premium Azure security labs, as well as custom content created specifically for the learning pathway.
If you aspire to become a penetration tester, red team operator or cloud security professional focused on Azure and M365, this learning path has been created for you.
- Lifetime access to the bootcamp recordings and learning path content, including future content updates
- Complete the learning path to prepare for the Microsoft Cloud Red Team Professional (MCRTP) certification
Focus on trending techniques and tradecraft
The Microsoft Cloud Attack and Defense bootcamp showcases trending techniques and tradecraft used by real threat actors, including Storm-0558 and APT-29. The realistic labs simulate actual company environments and active users across Azure and Microsoft 365, that you are likely to come across during engagements or in your own organization.
- Identify, replicate and detect tradecrafts from recent cloud breaches
- Explore various methods to complete the same tasks and become tool-agnostic
- Learn how to evict threats and rotate/reset various forms of credentials
Get to know your trainer
Ian Austin is a security researcher and educator with a career spanning over 20 years in technical, security and leadership roles for global enterprises.
Ian was Head of Content at Hack The Box, a leading online platform for cybersecurity training and assessment. He also participated in the Green Team of Locked Shields, a NATO cyber defense exercise, contributing to the design and execution of realistic scenarios.
He is the founder of Pwned Labs, providing gamified and immersive cloud security labs for red and blue teams - https://pwnedlabs.io
Get to know your trainer
Ian Austin is a security researcher and educator with a career spanning over 20 years in technical, security and leadership roles for global enterprises.
Ian was Head of Content at Hack The Box, a leading online platform for cybersecurity training and assessment. He also participated in the Green Team of Locked Shields, a NATO cyber defense exercise, contributing to the design and execution of realistic scenarios.
He is the founder of Pwned Labs, providing gamified and immersive cloud security labs for red and blue teams - https://pwnedlabs.io
Sessions schedule (November 2024 Batch)
This live bootcamp is delivered quarterly. The August batch of the Microsoft Cloud Attack and Defense Bootcamp runs for 4 weeks, starting November 9th through to November 30th. The 4-hour, instructor-led live classes will take place using Zoom, and in a private chat channel available in the Pwned Labs Discord. You'll receive an email after purchase with all the information you need to participate, including a breakdown of each session.
Can't make a session? We've got you! A Zoom recording will be available to watch and catch up a couple of hours after the end of each session.
- Live session 1: Saturday, November 9th @ 5pm-9pm UTC
- Live session 2: Saturday, November 16th @ 5pm-9pm UTC
- Live session 3: Saturday, November 23rd @ 5pm-9pm UTC
- Live session 4: Saturday, November 30th @ 5pm-9pm UTC