Register Now
Azure & Microsoft Security!
28 June 2025

Azure & Microsoft Security!

Location

offline
Microsoft Office, Mumbai

Speaker

2 Professional
Speakers

Days:

1 Day

About

Haxnation Mumbai is more than just a meetup, it’s a community-driven cybersecurity hub that merges expert-led sessions, real-world CTF practice, open-source innovation, and networking anchored in strategic events across Mumbai. A great platform if you're seeking to learn, connect, and contribute to India’s infosec ecosystem.

"Learn, Build, Connect" is the heart of every Haxnation Mumbai Meetup.

It's not just a sessions, it’s a grassroots movement to grow India’s cyber talent through community-powered action.

🧩 Who Should Attend?

Aspiring ethical hackers, SOC analysts, malware researchers, Bug bounty hunters, cloud security engineers, GRC folks, Students, bootcamp grads, and working professionals

TL;DR:
If you’re passionate about cybersecurity and want to level up your skills, meet cool people, and contribute to the community, Haxnation Mumbai is the place to be.

Benefits

  • Skills Enhancement
  • Hands-on CTF Experience
  • Expert-Led Talks
  • Community Networking
  • Career Growth Opportunities

Azure & Microsoft Security!

Date: 28 June
Timing: 11:00 AM - 1:00 PM
Location: offline
Microsoft Office, Mumbai
Speaker: 2 Professional
Speakers
Days: 1 Day

Speakers

Shashank Mishra
Shashank Mishra
Security Researcher, Security Brigade
Chirag Savla
Chirag Savla
Senior Cloud Security Engineer, White Knight Labs

Schedule

11:00 AM - 12:00 PM
CloudCrack’d Azpocalypse - Pawning and weaponising Azure Misconfigs

The cloud isn’t just someone else’s computer—it’s someone else’s blast radius. In this electrifying session, I dive into real-world offensive research conducted on Microsoft Azure, dissecting the overlooked misconfigurations, insecure defaults, and identity traps that attackers are quietly exploiting at scale. From abusing Azure service principals to weaponizing Managed Identities and stealthy persistence through OIDC federation abuse, this talk unpacks how attackers can laterally move, escalate privileges, and maintain near-invisible persistence within a cloud-native environment. Expect live demos, PoCs, and tales from the trenches—of pentests that went from 0 to GlobalAdmin and cloud engagements where a single overlooked permission became a cloud-wide compromise.

Shashank Mishra

Security Researcher, Security Brigade

12:00 PM - 1:00 PM
Conditional Access Policy Bypass 101

Conditional Access Policies (CAP) are often seen as the gatekeepers of identity security in Microsoft Entra (Azure AD) environments but what if those gates aren't as secure as they seem? This session takes a purely offensive approach to understanding and bypassing CAP. We'll break down how these policies work, uncover common misconfigurations, and demonstrate how features like Intune, legacy authentication, token replay, and trusted device spoofing can be exploited to sidestep enforced controls. If you're a red teamer or offensive security enthusiast looking to expand your arsenal in cloud environments, this talk will arm you with practical techniques and real-world scenarios to abuse Conditional Access Policies (CAP).

Chirag Savla

Senior Cloud Security Engineer, White Knight Labs

Partners

Partners