Skip to content

Resources

Enum

Tool Description
UpdateCloudIPs
cloud_enum
  • Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud
  • Usage: $ python cloudenum.py -k keyword
Stormspotter
  • Creates an attack graph (Neo4j) of the resources in an Azure subscription
cloud-service-enum
  • Cloud Services Enumeration
PowerZure PowerShell project created to assess and exploit resources within Azure

Azure Blobs

Tool Description
Google site:*.blob.core.windows.net
dnscan $ python dnscan.py -d blob.core.windows.net -w subdomains-100.txt

Writeups

Azure Ad Introduction For Red Teamers Presents Azure AD and explores different attacking paths
Attacking Azure, Azure AD
Lateral Movement from Azure to On-Prem AD Post explaining what Hybrid Azure Join is, target enumeration, and how to abuse Intune/Endpoint Manager to execute code as SYSTEM on target systems
Azure AD Pass The Certificate Post explaining what NegoEx and PKU2U are, what a P2P certificate is and how to use those to gain access to Azure AD machines
Abusing dynamic groups in Azure AD for privilege escalation Blog presenting a new technique for escalating privileges within Azure environments through the abuse of dynamic groups in Azure Active Directory