Adventures in Azure Privilege Escalation
Watch the first webinar in our Lunch & Learn Series below!
With the increase in hybrid cloud adoption, which extends traditional Active Directory domain environments into Azure, penetration tests and red team assessments are more frequently bringing Azure tenants into the engagement scope. Attackers often find themselves with an initial foothold in Azure but without a clear idea of what an escalation path would look like.
In this webinar, Karl Fosaaen covers some of the common initial Azure access vectors, along with a handful of escalation paths for getting full control over an Azure tenant. He also covers some techniques for maintaining that privileged access after an initial escalation. Throughout each section, he shares some of the tools that can be used to help identify and exploit the issues outlined.
Keep an eye out for Managed Identities if you have a shell on an Azure VM. You might be able to use them for privilege escalation, or for pivoting into the Azure subscription from a local/domain user.
Looking to dump passwords from an Azure subscription? Check out Karl Fosaaen's PowerShell script (Get-AzurePasswords) that automates the process of parsing a subscription for all the cleartext passwords and certificates.
The cloud is a valued part of modern infrastructure and there are more resources than ever to help you secure your cloud environment. Download the document we put together for our customers with general guidelines to help you get ahead of the cloud security curve.