Azure Pentest
MicroBurst, Lava, Koboko, PowerZure, Stormspotter, and BloodHound
Ffuf
Nabu
Amass
Gbounty bounty automation
Ddosify\
Nuclei
Dradis framework report writing
Corsy cors security
https://github.com/CrowdStrike/CRT
https://github.com/nccgroup/azucar
4:26 / 7:44
Burp Suite Bambdas
From <https://www.youtube.com/watch?v=G-EPLDXzz4k&list=PL4GgDfx_FS1vktfQ4SmH9A_8pqPF7tvcf&index=28>
Cloud Security
Azure Security assessment phases
Azure components
azure ad
azure
Attack Scenarios:
- MFA bypass : token dumping : processexp64 dumps: teams : grep for jwt
- evilnginx
Inforamtion Gathering
Tenant ID
Tenant name
Authentication Type
is federation in place
domain
azure services used by target organization
email ids in use
Enum
Azure service finder : https://github.com/NetSPI/MicroBurst
Email enumeration : https://github.com/LMGsec/o365creeper
is azure manangin security or not ( is client on azure or not)
https://login.microsoftonline.com/getuserrealm.srf?login=username@dfwairport.com&xml=1
FInding the tenant ID
https://login.microsoftonline.com/dfwairport.com/.well-known/openid-configuration
https://login.microsoftonline.com/sonepar.com/.well-known/openid-configuration
Recon
https://github.com/Gerenios/AADInternals
https://github.com/nsonaniya2010/SubDomainizer
cloud pentest
Cloud security audit
prowler
scoutsuite
cloudsploit https://github.com/aquasecurity/cloudsploit
Azure Storage:
Container
fileshare
tables
queue
https://github.com/cyberark/BlobHunter
https://github.com/nccgroup/ScoutSuite
https://github.com/prowler-cloud/prowler
References:
https://learn.microsoft.com/en-us/azure/security/fundamentals/log-audit
https://www.getastra.com/blog/cloud/azure/azure-security-audit/
https://learn.microsoft.com/en-us/azure/security/fundamentals/operational-checklist
Videos
Introduction To Azure Penetration Testing by Nikhil Mittal
EDITED EDITION — Getting Started in Pentesting The Cloud–Azure | Beau Bullock | 1-Hour
Last updated