HITCON Training 2026 - Entra ID and Azure Attack Foundations

# HITCON Training 2026 - Entra ID and Azure Attack Foundations

Private working repo for the accepted HITCON Training 2026 course:

> 學會 Entra ID 與 Azure 攻擊基礎的第一堂課

## Source Links

- Notion course page: https://www.notion.so/12ee326ed8948094be0fdfb6a45577a3
- Parent data source: `課程整理`

## Course Facts

- Event: HITCON Training 2026
- Date: 2026-08-13
- Length: 6 hours
- Instructors: John Jiang, Echo Lee
- Audience: IT/security practitioners with Entra ID or Microsoft 365 exposure

## Working Structure

- `plan/` - course plan, slide plan, lab build plan
  - `course-outline.md` - extracted Notion course outline and teaching spine
  - `material-production-standard.md` - repo-level goal, source rules, and acceptance criteria
  - `slide-build-checklist.md` - chapter-by-chapter production checklist
  - `teaching-flow.md` - 6-hour teaching rhythm and module depth decisions
- `slides/` - slide sources and speaker notes
  - `student/` - student-visible OpenSlide-ready Markdown
  - `speaker-notes/` - instructor-only notes mapped to slide decks
  - `openslide/` - OpenSlide display/export contract
- `labs/` - student lab steps and instructor runbooks
- `handouts/` - student learning guides for in-class reference
- `references/` - source notes, links, and citations
  - `source-map.md` - source IDs mapped to official docs and research references
- `assets/` - diagrams, screenshots, and generated visuals

## Initial Course Spine

1. Entra ID and Azure fundamentals
2. Initial access: password spraying, OAuth/device code phishing
3. Recon and environment enumeration
4. Lateral movement through Entra ID roles, app roles, and cross-tenant paths
5. Azure resource abuse: Storage, Key Vault, managed identity, VM paths
6. Security boundary discussion: Conditional Access, MFA, device compliance, and bypass limits

Keep this repo focused on the Entra ID / Azure course. The AD-heavy 2026 course remains in the separate `CyberSec_Training` material tree.