Security Training: Hacking and Hardening Microsoft Azure

Conference Details

Technical talks & CTF

Date: Saturday 7th of October 2023

Location: Cyprus University of Technology

Security Training Details

Title: Hacking and Hardening Microsoft Azure

Date: Thursday 5th & Friday 6th of October 2023

Location: To be announced

Course Description

Azure services adoption has increased dramatically in recent years. Similarly, cloud-based attacks have seen a steady increase as reported by Microsoft, Mandiant and other security vendors. However, with over 200 services, Azure can be overwhelming to both red and blue teams. This means, there is no shortage of misconfigurations that are open to abuse.

In this two-day training, we will take a dive into the most commonly abused Azure services, how threat actors hack them, and how administrators can harden them.

We will follow threat actor attack chains including:

The training will cover hacking and hardening of services such as:

Who is the Training For?

This training is suitable for the following individuals:

Student Prerequisite Knowledge and Setup

This is a beginner to intermediate course. No prior knowledge is required.

All labs are in the cloud. Students need to bring their own laptop.

Labs are accessible on high RDP ports. Students must ensure outbound access is allowed from their laptops.

On day 2, students will be using their own subscription. Details on how to create one will be provided.


Khalifa (@kha1ifuzz)
Khalifa started his Penetration Testing career in 2014. He is a founder of Offensivebits and Malcrove, companies specializing in Managed Cyber Defense and Offensive Security services. He has led more than 60 projects in Penetration Testing and Red Teaming. Khalifa has worked as a Strategic Technical Advisor to many organizations in the UAE and has participated in the development of Penetration Testing tools and vulnerability discovery. He has also been an assistant trainer at the BlackHat course "Attacking and Securing APIs" and is regularly invited to deliver talks and workshops.

Tarek (@DeanOfCyber)
Tarek holds an MSc. in Information Security and is the technical advisor for GISEC, the largest security conference in the Middle East. He started his career as a security consultant in the UK, delivering penetration tests for companies like BBC, Sky, Heinz, Ericsson, and BT. He later worked as a senior penetration tester for Verizon in Dubai and led security operations at the largest media organization in the Middle East. Currently, he is a subject matter expert working with a leading security vendor. Tarek has delivered trainings to thousands of students both online and offline and actively contributes to the community through various events and mentoring programs.

Payment details

The training will take place in a professional setting at a hotel in Limassol (to be announced soon). Coffee and lunch breaks will be provided during the training by the organizing entity. The cost for this 2-day training is $1550 per student. For groups of more than 3 students, a discounted price of $1400 per student will apply. Payments will be handled directly by the organizing entity of the training. There are two options available for payment:

If you need any assistance or further info about the training, feel free to drop us a message at recon [at] bsidescyprus [dot] com.


BSidesCyprus does not make profit from the course. Our aim is to help educate professionals from the community by providing renowned security trainings. In case of unforeseen/unexpected events that will not allow the event to be held in-person, the training will be virtual/online. Students who have already enrolled for the in-person training and do not wish to follow the virtual one, will be eligible for full refund.