Real-World Offensive Security: Red Teaming LLMs, Microsoft Entra ID & Android
Date: September 24, 2025 (GMT +8)
Time: 08:30
TRACK 4
HUMAN+
TRAINING
This hands-on offensive security training focuses on real-world attack surfaces across three modern and highly targeted areas: Large Language Models (LLMs), Microsoft Entra ID, and Android Applications. Designed for red teamers, security professionals, and tech-savvy defenders, this training combines practical theory with 20+ hands-on labs to simulate actual attack scenarios and strengthen offensive capabilities.
The training begins with an introduction to LLMs, covering how they work, the data and techniques behind their training, and the real-world applications driving their rapid adoption. It also explores the security challenges associated with deploying LLMs. Participants will then dive into LLM attack simulations, gaining hands-on experience with threats like prompt injection, system prompt extraction, sensitive information disclosure, and model manipulation.
The second section introduces Microsoft Entra ID (formerly Azure AD) — Microsoft’s cloud-based identity and access management solution. The session covers its architecture, key components, RBAC, licensing, and how it differs from traditional on-prem Active Directory. The practical component focuses on pentesting Entra ID, including enumeration using tools like ROADrecon and AzureHound, password spraying with MSOLSpray, token and cookie-based attacks, and exploiting misconfigurations in Entra Connect and privileged accounts.
The final part of the training covers Android application pentesting, beginning with an overview of the Android architecture, common attack surfaces, and testing methodologies. Through deep-dive labs, participants will explore real-world attack scenarios such as bypassing SSL pinning and root detection, reverse engineering Flutter apps, exploiting IPC mechanisms, analyzing insecure storage, and performing advanced tampering involving Smali code and exploitation with Metasploit.
By the end of the training, participants will walk away with practical red teaming techniques and offensive knowledge applicable to AI systems, cloud identity platforms, and mobile environments.
Trainer
G Khartheesvar G Khartheesvar is a Software Engineer at INE, specializing in web application security, network penetration testing, and cloud security. With experience in Red Teaming and Blue Teaming, he works across both offensive and defensive security disciplines. He has published research at Black Hat Asia and is a core contributor to the open-source project ThreatSeeker, which helps security professionals detect and analyze threats using Windows event logs. He holds a Dual Degree (Bachelor of Technology & Master of Technology) in Computer Science and Engineering from the National Institute of Technology Hamirpur, India. Passionate about cybersecurity, he actively explores new advancements in the field and strives to contribute to the security community through research and development.Litesh Ghute Litesh Ghute is a Software Engineer at INE, specializing in web application security, network penetration testing, cloud security, and mobile application security. He has published research at BlackHat USA and Asia, co-trained in cloud security training, and led teams in national hackathons like the Smart India Hackathon. With expertise in advanced penetration testing, web application security, and network penetration testing, he has identified and reported CVEs, contributing to the security community by uncovering critical vulnerabilities. Holding a B.Tech (Hons.) in computer science, he currently works as a full-stack developer and lab builder, focusing on security topics. His open-source projects, AWSGoat and GCPGoat, simulate vulnerable cloud infrastructures for security research and training.
« Back