Resources

Enum

Tool	Description
UpdateCloudIPs	Collects the latest IP addresses used by AWS/GCP/Azure Full list for Azure: https://www.microsoft.com/en-us/download/details.aspx?id=41653
cloud_enum	Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud Usage: $ python cloudenum.py -k keyword
Stormspotter	Creates an attack graph (Neo4j) of the resources in an Azure subscription
cloud-service-enum	Cloud Services Enumeration
PowerZure	PowerShell project created to assess and exploit resources within Azure

Azure Blobs

Tool	Description
Google	site:*.blob.core.windows.net
dnscan	$ python dnscan.py -d blob.core.windows.net -w subdomains-100.txt

Writeups

Azure Attack Paths	Post shedding some light on known attack paths in an Azure environment
Azure Ad Introduction For Red Teamers	Presents Azure AD and explores different attacking paths
Attacking Azure, Azure AD	Part 1 Part 2
Lateral Movement from Azure to On-Prem AD	Post explaining what Hybrid Azure Join is, target enumeration, and how to abuse Intune/Endpoint Manager to execute code as SYSTEM on target systems
Azure AD Pass The Certificate	Post explaining what NegoEx and PKU2U are, what a P2P certificate is and how to use those to gain access to Azure AD machines
Abusing dynamic groups in Azure AD for privilege escalation	Blog presenting a new technique for escalating privileges within Azure environments through the abuse of dynamic groups in Azure Active Directory
Azure Storage Security: Attacking & Auditing	How to attack and audit cloud storage services on Azure
Getting Started in Pentesting the Cloud: Azure	Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges
Azure Dominance Paths	A comprehensive map of Azure and Azure AD attack paths