Azure Attack Paths |
Post shedding some light on known attack paths in an Azure environment |
Azure Ad Introduction For Red Teamers |
Presents Azure AD and explores different attacking paths |
Attacking Azure, Azure AD |
|
Lateral Movement from Azure to On-Prem AD |
Post explaining what Hybrid Azure Join is, target enumeration, and how to abuse Intune/Endpoint Manager to execute code as SYSTEM on target systems |
Azure AD Pass The Certificate |
Post explaining what NegoEx and PKU2U are, what a P2P certificate is and how to use those to gain access to Azure AD machines |
Abusing dynamic groups in Azure AD for privilege escalation |
Blog presenting a new technique for escalating privileges within Azure environments through the abuse of dynamic groups in Azure Active Directory |
Azure Storage Security: Attacking & Auditing |
How to attack and audit cloud storage services on Azure |
Getting Started in Pentesting the Cloud: Azure |
Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges |
Azure Dominance Paths |
A comprehensive map of Azure and Azure AD attack paths |