Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments - Softcover

David Okeyode; Karl Fosaaen

 
9781839212932: Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments
Softcover
ISBN 10: 1839212934 ISBN 13: 9781839212932
Publisher: Packt Publishing, 2021

Synopsis

Simulate real-world attacks using tactics, techniques, and procedures that adversaries use during cloud breaches

Key Features

  • Understand the different Azure attack techniques and methodologies used by hackers
  • Find out how you can ensure end-to-end cybersecurity in the Azure ecosystem
  • Discover various tools and techniques to perform successful penetration tests on your Azure infrastructure

Book Description

“If you’re looking for this book, you need it.” — 5* Amazon Review

Curious about how safe Azure really is? Put your knowledge to work with this practical guide to penetration testing.

This book offers a no-faff, hands-on approach to exploring Azure penetration testing methodologies, which will get up and running in no time with the help of real-world examples, scripts, and ready-to-use source code.

As you learn about the Microsoft Azure platform and understand how hackers can attack resources hosted in the Azure cloud, you'll find out how to protect your environment by identifying vulnerabilities, along with extending your pentesting tools and capabilities.

First, you’ll be taken through the prerequisites for pentesting Azure and shown how to set up a pentesting lab. You'll then simulate attacks on Azure assets such as web applications and virtual machines from anonymous and authenticated perspectives.

In the later chapters, you'll learn about the opportunities for privilege escalation in Azure tenants and ways in which an attacker can create persistent access to an environment.

By the end of this book, you'll be able to leverage your ethical hacking skills to identify and implement different tools and techniques to perform successful penetration tests on your own Azure infrastructure.

What you will learn

  • Identify how administrators misconfigure Azure services, leaving them open to exploitation
  • Understand how to detect cloud infrastructure, service, and application misconfigurations
  • Explore processes and techniques for exploiting common Azure security issues
  • Use on-premises networks to pivot and escalate access within Azure
  • Diagnose gaps and weaknesses in Azure security implementations
  • Understand how attackers can escalate privileges in Azure AD

Who this book is for

This book is for new and experienced infosec enthusiasts who want to learn how to simulate real-world Azure attacks using tactics, techniques, and procedures (TTPs) that adversaries use in cloud breaches. Any technology professional working with the Azure platform (including Azure administrators, developers, and DevOps engineers) interested in learning how attackers exploit vulnerabilities in Azure hosted infrastructure, applications, and services will find this book useful.

Table of Contents

  1. Azure Platform and Architecture Overview
  2. Building Your Own Environment
  3. Finding Azure Services and Vulnerabilities
  4. Exploiting Reader Permissions
  5. Exploiting Contributor Permissions on IaaS Services
  6. Exploiting Contributor Permissions on PaaS Services
  7. Exploiting Owner and Privileged Azure AD Role Permissions
  8. Persisting in Azure Environments

"synopsis" may belong to another edition of this title.

About the Author

David Okeyode is a cloud security architect at the Prisma cloud speedboat at Palo Alto Networks. Before that, he was an independent consultant helping companies secure their cloud environments through private expert-level training and assessments. He holds 15 professional certifications across the Azure and AWS platforms, including the Azure Security Engineer, Azure DevOps, and AWS Security Specialist certifications. He has also authored two cloud computing courses for the popular cybersecurity training platform Cybrary.

David has over a decade of experience in cybersecurity (consultancy, design, and implementation) and over 6 years of experience as a trainer. He has worked with organizations of different sizes, from start-ups to major enterprises to government organizations.

David has developed multiple vulnerable-by-design automation templates that can be used to practice cloud penetration testing techniques. He regularly speaks about cloud security at major industry events, such as Microsoft Future Decoded and the European Information Security Summit.

David is married to a lovely girl who makes the best banana cake in the world. They love traveling the world together and intend to do missions in Asia very soon!

As a Practice Director at NetSPI, Karl leads the Cloud Penetration Testing service line and oversees NetSPI’s Portland, OR office. Karl holds a BS in Computer Science from the University of Minnesota and has over a decade of consulting experience in the computer security industry. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit on GitHub to house many of the PowerShell tools that he uses for testing Azure.

"About this title" may belong to another edition of this title.

Publisher
Packt Publishing
Publication date
2021
Language
English
ISBN 10 
1839212934
ISBN 13 
9781839212932
Binding
Paperback
Number of pages
352