Azure Cloud

Blogs/Research

• Azure Security Vulnerabilities and Pentesting
• Cloud basics for pen testers, red teamers, (and defenders)
• Kamranicus - Securing Secrets Using Azure Key Vault and Config Encryption
• Security Pitfalls in Microsoft Azure Function Apps
• Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure
• Automatic Azure AD User Account Enumeration with PowerShell
• Azure AD Connect for Red Teamers
• I’m in your cloud… reading everyone’s email. Hacking Azure AD via Active Directory
• Azure AD privilege escalation - Taking over default application permissions as Application Admin
• Attacking Azure AD to expose sensitive accounts and assets
• Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part I)
• Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part II)
• Azure Privilege Escalation via Cloud Shell
• Attacking Azure Container Registries with Compromised Credentials
• Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability
• Introducing the Office 365 Attack Toolkit
• Azure serious vulnerability caused by configuration error
• Gathering Bearer Tokens from Azure Services
• BlackDirect: Microsoft Azure Account Takeover
• Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials
• Full public read access Azure blob storage
• Decrypting Azure VM Extension Settings with Get-AzureVMExtensionSettings
• Azure Privilege Escalation Using Managed Identities
• Azure Subdomain Takeover
• Attacking Azure with Custom Script Extensions
• Maintaining Azure Persistence via Automation Accounts
• Using Azure Automation Accounts to Access Key Vaults
• Azure Security Basics: Log Analytics, Security Center, and Sentinel
• PRIVILEGE ESCALATION IN AZURE AD
• Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
• How We Escaped Docker in Azure Functions
• Hackers as Cloud Customers
• Security checklist for cloud workload protection
• Azure AD - Attack and Defense Playbook
• Best practices for monitoring Microsoft Azure platform logs
• Royal Flush: Privilege Escalation Vulnerability in Azure Functions
• AZURE APPLICATION PROXY C2
• Azure Storage Security: Attacking & Auditing
• The False Oracle — Azure Functions Padding Oracle Issue
• How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps
• Post Exploitation
  • Azure Post Exploitation Techniques
  • Identifying & Exploiting Leaked Azure Storage Keys

Books

• Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments

Tools

Offensive

• azucar: Security auditing tool for Azure environments
• cs-suite: One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
• onedrive_user_enum: enumerate valid onedrive users

Defensive

• Azure Policy Compliance Scan: With the Azure Policy Compliance Scan action, you can now easily trigger a on demand scan from your GitHub workflow on one or multiple resources, resource groups or subscriptions, and continue/fail the workflow based on the compliance state of resources.