Log In
Or create an account -> 
Imperial Library
  • Home
  • About
  • News
  • Upload
  • Forum
  • Help
  • Login/SignUp

Index
Penetration Testing Azure for Ethical Hackers Foreword Contributors About the authors About the reviewers Preface
Who this book is for What this book covers To get the most out of this book Download the color images Download the example code files Conventions used Disclaimer Get in touch Share Your Thoughts
Section 1: Understanding the Azure Platform and Architecture Chapter 1: Azure Platform and Architecture Overview
Technical requirements The basics of Microsoft's Azure infrastructure
Azure clouds and regions Azure resource management hierarchy
An overview of Azure services Understanding the Azure RBAC structure
Security principals Role definition Role assignment
Accessing the Azure cloud
Azure portal Azure CLI PowerShell Azure REST APIs Azure Resource Manager
Summary Further reading
Chapter 2: Building Your Own Environment
Technical requirements Creating a new Azure tenant
Hands-on exercise: Creating an Azure tenant Hands-on exercise: Creating an Azure admin account
Deploying a pentest VM in Azure
Hands-on exercise: Deploying your pentest VM Hands-on exercise: Installing WSL on your pentest VM Hands-on exercise: Installing the Azure and Azure AD PowerShell modules on your pentest VM Hands-on exercise: Installing the Azure CLI on your pentest VM (WSL)
Azure penetration testing tools Summary
Chapter 3: Finding Azure Services and Vulnerabilities
Technical requirements Guidelines for Azure penetration testing
Azure penetration test scopes
Anonymous service identification
Test at your own risk Azure public IP address ranges Hands-on exercise – parsing Azure public IP addresses using PowerShell Azure platform DNS suffixes Hands-on exercise – using MicroBurst to enumerate PaaS services Custom domains and IP ownership Introducing Cloud IP Checker Hands-on exercise – determining whether custom domain services are hosted in Azure Subdomain takeovers
Identifying vulnerabilities in public-facing services
Configuration-related vulnerabilities Hands-on exercise – identifying misconfigured blob containers using MicroBurst Patching-related vulnerabilities Code-related vulnerabilities
Finding Azure credentials
Guessing Azure AD credentials Introducing MSOLSpray Hands-on exercise – guessing Azure Active Directory credentials using MSOLSpray Conditional Access policies
Summary Further reading
Section 2: Authenticated Access to Azure Chapter 4: Exploiting Reader Permissions
Technical requirements Preparing for the Reader exploit scenarios Gathering an inventory of resources
Introducing PowerZure Hands-on exercise – gathering subscription access information with PowerZure Hands-on exercise – enumerating subscription information with MicroBurst
Reviewing common cleartext data stores
Evaluating Azure Resource Manager (ARM) deployments Hands-on exercise – hunting credentials in resource group deployments Exploiting App Service configurations Escalating privileges using a misconfigured service principal Hands-on exercise – escalating privileges using a misconfigured service principal Reviewing ACR Hands-on exercise – hunting for credentials in the container registry
Exploiting dynamic group memberships Hands-on exercise – cleaning up the Owner exploit scenarios Summary Further reading
Chapter 5: Exploiting Contributor Permissions on IaaS Services
Technical requirements Reviewing the Contributor RBAC role
Hands-on exercise – preparing for the Contributor (IaaS) exploit scenarios
Understanding Contributor IaaS escalation goals
Local credential hunting Domain credential hunting Lateral network movement opportunities Tenant credential hunting
Exploiting Azure platform features with Contributor rights
Exploiting the password reset feature Hands-on exercise – exploiting the password reset feature to create a local administrative user Exploiting the Run Command feature Hands-on exercise – exploiting privileged VM resources using Lava Executing VM extensions
Extracting data from Azure VMs
Gathering local credentials with Mimikatz Gathering credentials from the VM extension settings Exploiting the Disk Export and Snapshot Export features Hands-on exercise – exfiltrating VM disks using PowerZure Hands-on exercise – cleaning up the Contributor (IaaS) exploit scenarios
Summary Further reading
Chapter 6: Exploiting Contributor Permissions on PaaS Services
Preparing for Contributor (PaaS) exploit scenarios Attacking storage accounts
Hands-on exercise – Dumping Azure storage keys using MicroBurst Attacking Cloud Shell storage files Hands-on exercise – Escalating privileges using the Cloud Shell account
Pillaging keys, secrets, and certificates from Key Vaults
Hands-on exercise – exfiltrate secrets, keys, and certificates in Key Vault
Leveraging web apps for lateral movement and escalation
Hands-on exercise – Extracting credentials from App Service Lateral movement, escalation, and persistence in App Service
Extracting credentials from Automation Accounts
Automation Account credential extraction overview Hands-on exercise – Creating a Run as account in the test Automation account Hands-on exercise – Extracting stored passwords and certificates from Automation accounts Hands-on exercise – Cleaning up the Contributor (PaaS) exploit scenarios
Summary Further reading
Chapter 7: Exploiting Owner and Privileged Azure AD Role Permissions
Technical requirements Escalating from Azure AD to Azure RBAC roles
Path 1 – Exploiting group membership Path 2 – Resetting user passwords Path 3 – Exploiting service principal secrets Path 4 – Elevating access to the root management group Hands-on exercise – Preparing for the Global Administrator/Owner exploit scenarios Hands-on exercise – Elevating access
Escalating from subscription Owner to Azure AD roles
Path 1 – Exploiting privileged service principals Path 2 – Exploiting service principals' API permissions
Attacking on-premises systems to escalate in Azure
Identifying connections to on-premises networks Identifying domain escalation paths Automating the identification of escalation paths Tools for pivoting along escalation paths General tips for post domain escalation and lateral movement Hands-on exercise – Cleaning up the Owner exploit scenarios
Summary
Chapter 8: Persisting in Azure Environments
Understanding the goals of persistence
Plan on getting caught Have multiple channels ready Use long-term and short-term channels Have multiple persistence options at multiple levels
Persisting in an Azure subscription
Stealing credentials from a system Hands-on exercise – stealing and reusing tokens from an authenticated Azure admin system Maintaining persistence with virtual machines Maintaining persistence with Automation accounts Maintaining persistence to PaaS services
Persisting in an Azure AD tenant
Creating a backdoor identity Modifying existing identities Granting privileged access to an identity Bypassing security policies to allow access
Summary Further reading Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you Share Your Thoughts
  • ← Prev
  • Back
  • Next →
  • ← Prev
  • Back
  • Next →

Chief Librarian: Las Zenow <zenow@riseup.net>
Fork the source code from gitlab.

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion