Adventures in Azure Privilege Escalation

Watch the first webinar in our Lunch & Learn Series below!

With the increase in hybrid cloud adoption, that extends traditional active directory domain environments into Azure, penetration tests and red team assessments are more frequently bringing Azure tenants into the engagement scope. Attackers are often finding themselves with an initial foothold in Azure, but lacking in ideas on what an escalation path would look like.

In this webinar, Karl Fosaaen covers some of the common initial Azure access vectors, along with a handful of escalation paths for getting full control over an Azure tenant. In addition to this, he covers some techniques for maintaining that privileged access after an initial escalation. Throughout each section, he shares some of the tools that can be used to help identify and exploit the issues outlined.

Presenters

 

Related Resources

Azure Privilege Escalation Using Managed Identities

Keep an eye out for Managed Identities if you have a shell on an Azure VM. You might be able to use them for privilege escalation, or for pivoting into the Azure subscription from a local/domain user.

Get-AzurePasswords: A Tool for Dumping Credentials from Azure Subscriptions

Looking to dump passwords from an Azure subscription? Check out Karl Fosaaen‘s PowerShell script (Get-AzurePasswords) that automates the process of parsing a subscription for all the cleartext passwords and certificates.

How Do You Know You’re Covered in the Cloud?

The cloud is a valued part of modern infrastructure and there are more resources than ever to help you secure your cloud environment. Download the document we put together for our customers with general guidelines to help you get ahead of the cloud security curve.


Contact Us