Skip to content

Resources

Enum

Tool Description
UpdateCloudIPs
cloud_enum
  • Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud
  • Usage: $ python cloudenum.py -k keyword
Stormspotter
  • Creates an attack graph (Neo4j) of the resources in an Azure subscription
cloud-service-enum
  • Cloud Services Enumeration
PowerZure PowerShell project created to assess and exploit resources within Azure

Azure Blobs

Tool Description
Google site:*.blob.core.windows.net
dnscan $ python dnscan.py -d blob.core.windows.net -w subdomains-100.txt

Writeups

Azure Attack Paths Post shedding some light on known attack paths in an Azure environment
Azure Ad Introduction For Red Teamers Presents Azure AD and explores different attacking paths
Attacking Azure, Azure AD
Lateral Movement from Azure to On-Prem AD Post explaining what Hybrid Azure Join is, target enumeration, and how to abuse Intune/Endpoint Manager to execute code as SYSTEM on target systems
Azure AD Pass The Certificate Post explaining what NegoEx and PKU2U are, what a P2P certificate is and how to use those to gain access to Azure AD machines
Abusing dynamic groups in Azure AD for privilege escalation Blog presenting a new technique for escalating privileges within Azure environments through the abuse of dynamic groups in Azure Active Directory
Azure Storage Security: Attacking & Auditing How to attack and audit cloud storage services on Azure
Getting Started in Pentesting the Cloud: Azure Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges
Azure Dominance Paths A comprehensive map of Azure and Azure AD attack paths