Resources

Enum

Tool	Description
UpdateCloudIPs	Collects the latest IP addresses used by AWS/GCP/Azure Full list for Azure: https://www.microsoft.com/en-us/download/details.aspx?id=41653
cloud_enum	Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud Usage: $ python cloudenum.py -k keyword
Stormspotter	Creates an attack graph (Neo4j) of the resources in an Azure subscription
cloud-service-enum	Cloud Services Enumeration
PowerZure	PowerShell project created to assess and exploit resources within Azure

Azure Blobs

Tool	Description
Google	site:*.blob.core.windows.net
dnscan	$ python dnscan.py -d blob.core.windows.net -w subdomains-100.txt

Writeups

Azure Ad Introduction For Red Teamers	Presents Azure AD and explores different attacking paths
Attacking Azure, Azure AD	Part 1 Part 2
Lateral Movement from Azure to On-Prem AD	Post explaining what Hybrid Azure Join is, target enumeration, and how to abuse Intune/Endpoint Manager to execute code as SYSTEM on target systems
Azure AD Pass The Certificate	Post explaining what NegoEx and PKU2U are, what a P2P certificate is and how to use those to gain access to Azure AD machines
Abusing dynamic groups in Azure AD for privilege escalation	Blog presenting a new technique for escalating privileges within Azure environments through the abuse of dynamic groups in Azure Active Directory
Azure Storage Security: Attacking & Auditing	How to attack and audit cloud storage services on Azure
Getting Started in Pentesting the Cloud: Azure	Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges
Azure Dominance Paths	A comprehensive map of Azure and Azure AD attack paths