Azure Penetration Testing Learning Roadmap

Start Here
|
+- [?] Complete SC-900: Microsoft Security, Compliance, and Identity Fundamentals
|
+- [?] Finish PwnedLabs Hands-On Labs
|     |
|     +- [✗] Azure Blob Container to Initial Access
|     +- [✗] Intro to Azure Recon with BloodHound
|     +- [✗] Unlock Access with Azure Key Vault
|     +- [✗] Loot Exchange, Teams, and SharePoint with GraphRunner
|     +- [✗] Unmask Privileged Access in Azure
|     +- [✗] Azure Recon to Foothold and Profit
|     +- [✗] Bypass Azure Web App Authentication with Path Traversal
|     +- [ ] Execute Azure Credential Shuffle to Achieve Objectives
|     +- [ ] Phished for Initial Access
|     +- [ ] Exploit SQL Injection in Azure Function App
|     +- [ ] Passwordless Credentials for Access and Escalation
|     +- [ ] Abuse Dynamic Groups in Entra ID for Privilege Escalation
|     +- [ ] Bypass Azure MFA with Evilginx
|
+- [?] Read "Penetration Testing Azure for Ethical Hackers"
|
+- [ ] Pursue Additional Certifications
|     |
|     +- [ ] AZ-104: Microsoft Azure Administrator
|     +- [ ] AZ-500: Microsoft Azure Security Technologies
|     +- [ ] AZ-303/304: Microsoft Azure Architect Technologies/Design
|  
+- [ ] Pursue Pentest Practical Certifications
|     |
|     +- [?] CARTP - Altered Security
|     +- [ ] Attacking and Defending Azure & M365 - XINTRA
|     +- [ ] MCRTP - PwnedLabs
+- [✗] Build Your Portfolio
|
+- [ ] Interview Preparation

? - In Progress
✗ - Completed
  - Pending