Skip to content



Tool Description
  • Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud
  • Usage: $ python -k keyword
  • Creates an attack graph (Neo4j) of the resources in an Azure subscription
  • Cloud Services Enumeration
PowerZure PowerShell project created to assess and exploit resources within Azure

Azure Blobs

Tool Description
Google site:*
dnscan $ python -d -w subdomains-100.txt


Azure Ad Introduction For Red Teamers Presents Azure AD and explores different attacking paths
Attacking Azure, Azure AD
Lateral Movement from Azure to On-Prem AD Post explaining what Hybrid Azure Join is, target enumeration, and how to abuse Intune/Endpoint Manager to execute code as SYSTEM on target systems
Azure AD Pass The Certificate Post explaining what NegoEx and PKU2U are, what a P2P certificate is and how to use those to gain access to Azure AD machines
Abusing dynamic groups in Azure AD for privilege escalation Blog presenting a new technique for escalating privileges within Azure environments through the abuse of dynamic groups in Azure Active Directory
Azure Storage Security: Attacking & Auditing How to attack and audit cloud storage services on Azure
Getting Started in Pentesting the Cloud: Azure Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges
Azure Dominance Paths A comprehensive map of Azure and Azure AD attack paths
Back to top