Technical talks & CTF
Date: Saturday 7th of October 2023
Location: Cyprus University of Technology
Title: Hacking and Hardening Microsoft Azure
Date: Thursday 5th & Friday 6th of October 2023
Location: To be announced
Azure services adoption has increased dramatically in recent years. Similarly, cloud-based attacks have seen a steady increase as reported by Microsoft, Mandiant and other security vendors. However, with over 200 services, Azure can be overwhelming to both red and blue teams. This means, there is no shortage of misconfigurations that are open to abuse.
In this two-day training, we will take a dive into the most commonly abused Azure services, how threat actors hack them, and how administrators can harden them.
We will follow threat actor attack chains including:
The training will cover hacking and hardening of services such as:
This training is suitable for the following individuals:
This is a beginner to intermediate course. No prior knowledge is required.
All labs are in the cloud. Students need to bring their own laptop.
Labs are accessible on high RDP ports. Students must ensure outbound access is allowed from their laptops.
On day 2, students will be using their own subscription. Details on how to create one will be provided.
Khalifa (@kha1ifuzz)
Khalifa started his Penetration Testing career in 2014. He is a founder of Offensivebits and Malcrove, companies
specializing in Managed Cyber Defense and Offensive Security services. He has led more than 60 projects in
Penetration Testing and Red Teaming. Khalifa has worked as a Strategic Technical Advisor to many organizations
in the UAE and has participated in the development of Penetration Testing tools and vulnerability discovery.
He has also been an assistant trainer at the BlackHat course "Attacking and Securing APIs" and is regularly
invited to deliver talks and workshops.
Tarek (@DeanOfCyber)
Tarek holds an MSc. in Information Security and is the technical advisor for GISEC, the largest security
conference in the Middle East. He started his career as a security consultant in the UK, delivering penetration
tests for companies like BBC, Sky, Heinz, Ericsson, and BT. He later worked as a senior penetration tester for
Verizon in Dubai and led security operations at the largest media organization in the Middle East. Currently, he
is a subject matter expert working with a leading security vendor. Tarek has delivered trainings to thousands of
students both online and offline and actively contributes to the community through various events and mentoring
programs.
The training will take place in a professional setting at a hotel in Limassol (to be announced soon). Coffee and lunch breaks will be provided during the training by the organizing entity. The cost for this 2-day training is $1550 per student. For groups of more than 3 students, a discounted price of $1400 per student will apply. Payments will be handled directly by the organizing entity of the training. There are two options available for payment:
BSidesCyprus does not make profit from the course. Our aim is to help educate professionals from the community by providing renowned security trainings. In case of unforeseen/unexpected events that will not allow the event to be held in-person, the training will be virtual/online. Students who have already enrolled for the in-person training and do not wish to follow the virtual one, will be eligible for full refund.