Azure Pentest
MicroBurst, Lava, Koboko, PowerZure, Stormspotter, and BloodHound
Ffuf
Naabu
Amass
Gbounty bounty automation
Ddosify
Nuclei
Dradis framework report writing
Corsy CORS security
https://github.com/CrowdStrike/CRT
https://github.com/nccgroup/azucar
Burp Suite Bambdas
From <https://www.youtube.com/watch?v=G-EPLDXzz4k&list=PL4GgDfx_FS1vktfQ4SmH9A_8pqPF7tvcf&index=28>
Cloud Security
Azure Security assessment phases
Azure components
Azure AD
Azure
Attack Scenarios:
- MFA bypass: token dumping: processexp64 dumps: Teams: grep for JWT
- Evilginx
Information Gathering
Tenant ID
Tenant name
Authentication Type
Is federation in place
Domain
Azure services used by the target organization
Email IDs in use
Enum
Azure service finder : https://github.com/NetSPI/MicroBurst
Email enumeration : https://github.com/LMGsec/o365creeper
Is Azure managing security or not (is the client on Azure or not)
https://login.microsoftonline.com/getuserrealm.srf?login=username@dfwairport.com&xml=1
Finding the tenant ID
https://login.microsoftonline.com/dfwairport.com/.well-known/openid-configuration
https://login.microsoftonline.com/sonepar.com/.well-known/openid-configuration
Recon
https://github.com/Gerenios/AADInternals
https://github.com/nsonaniya2010/SubDomainizer
Cloud pentest
Cloud security audit
Prowler
ScoutSuite
CloudSploit https://github.com/aquasecurity/cloudsploit
Azure Storage:
Container
File share
Tables
Queue
https://github.com/cyberark/BlobHunter
https://github.com/nccgroup/ScoutSuite
https://github.com/prowler-cloud/prowler
References:
https://learn.microsoft.com/en-us/azure/security/fundamentals/log-audit
https://www.getastra.com/blog/cloud/azure/azure-security-audit/
https://learn.microsoft.com/en-us/azure/security/fundamentals/operational-checklist
Videos
Introduction To Azure Penetration Testing by Nikhil Mittal
EDITED EDITION — Getting Started in Pentesting The Cloud–Azure | Beau Bullock | 1-Hour