No announcement yet.

AzureGoat:Damn Vulnerable Azure Infrastructure-Nishant, Rachna Learn/teach/practice Azure pentesting

  • Filter
  • Time
  • Show
Clear All
new posts

  • AzureGoat:Damn Vulnerable Azure Infrastructure-Nishant, Rachna Learn/teach/practice Azure pentesting

    AzureGoat: Damn Vulnerable Azure Infrastructure

    Nishant Sharma Rachna Umraniya

    Microsoft Azure cloud has become the second-largest vendor by market share in the cloud infrastructure providers (as per multiple reports), just behind AWS. There are numerous tools and vulnerable applications available for AWS for the security professional to perform attack/defense practices, but it is not the case with Azure. There are far fewer options available to the community. AzureGoat is our attempt to shorten this gap by providing a ready-to-deploy vulnerable setup (vulnerable application + misconfigured Azure components + multiple attack paths) that can be used to learn/teach/practice Azure cloud environment pentesting.

    Nishant Sharma is a Security Research Manager at INE, where he manages the development of next-generation on-demand labs. Before INE, he worked as R&D Head of Pentester Academy (Acquired by INE), where he led a team of developers/researchers to create content and platform features for AttackDefense. He has also developed multiple gadgets for WiFi pentesting/monitoring such as WiMonitor, WiNX, and WiMini. With over 9+ years of experience in development and content creation, he has conducted trainings/workshops at Blackhat Asia/USA, HITB Amsterdam/Singapore, OWASP NZ day, and DEFCON USA villages. He has presented/published his work at Blackhat USA/Asia Arsenal, DEFCON USA/China, Wireless Village, Packet Village and IoT village. He has also conducted WiFi Pentesting training at Blackhat USA 2019, 2021. He had started his career as a firmware developer at Mojo Networks (Acquired by Arista) where he worked on new features for the enterprise-grade WiFi APs and maintenance of state-of-the-art WIPS. He has a Master degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi, Azure, and Container security.

    Rachana Umaraniya is a Cloud Developer at INE and has two years of experience in software development. She specializes in building applications with Java frameworks and is well versed with databases. She has a Master's degree in Computer Science from NIT Hamirpur. Her area of interest includes cloud security, cryptography, web application, and docker security.

  • #2
    This is really cool. Thank you for putting this together.


    • number6
      number6 commented
      Editing a comment
      I did not create this demolab: I only posted the details for the people that were running it and presenting it.