Cylabs
  • 😊Welcome to CyLabs
  • 101 Series
    • Cyber Security 101
      • Introduction to Cyber Security and core concepts
      • Getting Started into Cyber Security Career
      • Online Cybersecurity Practice Labs to Sharpen Your Skills
      • Cyber Security Interview Q&A
        • Careers in Cybersecurity
      • Stay Tuned : Cyber Resources
        • Blogs for Cyber Security
          • Blogs
            • Penetration Testing Automation
            • Security
              • Metasploit Framework
              • Jenkins Servers: Identifying Vulnerabilities and Exploiting Unauthenticated Access with Groovy Scrip
              • Securing Your Network: Printer Vulnerabilities, LDAP Exploits, and Defense Strategies
              • SSH for Red Teaming and Security Analysis
              • Operating Systems for Penetration Testing: Enhancing Your Cybersecurity Arsenal
              • Hacking Notes
                • Phineas Fisher
        • Cyber News
        • Leading Cybersecurity Companies to follow
        • Cybersecurity Courses and Certifications: Trends in 2024
        • ISACs: Enhancing Cybersecurity through Collaboration and Information Sharing
        • Global and National Cybersecurity Agencies: Guardians of the Digital Realm
        • Cyber Security News Feed Resources
    • Kubernetes 101
    • Web 101
    • Operating Systems
      • Linux 101
        • Linux Kernel
        • Basic Commands and Usage
          • Shell Commands
        • Linux File System
        • apt
        • su and sudo
        • File Search
        • Linux Services
        • Networking
          • Netcat
        • Corn Jobs
        • Shell Scripting
        • Linux OS API's
      • Windows 101
        • Windows system calls
        • Windows Event Logs and IDs
        • Windows UAC
        • Windows Registry
        • Windows Bit Locker
        • Volume Shadow Copy Service
        • Windows OS API's
    • Building the Security Lab
      • Virtualization with Virtual Box
        • Installing and setting Virtual Box
        • Vritual Box Networking
      • Home Lab Setup
        • PF Sense Installation
        • Ubuntu Installation
        • Metasploit Installation
        • Kali Linux Installation
    • Fundamentals of Programming
      • Python 101
      • Powershell 101
      • SQL 101
    • AI/ML and Data Science for Cyber Security and Analytics
    • IT Infrastructure and Hardware
    • Governance, Risk and Compliance
    • Networking 101
      • Network Packets and Frames
      • Network Switches and Routers: The Backbone of Connectivity
      • Network Security Devices and Strategies
      • Network Design and Architecture: A Foundation for Robust Connectivity
      • Specialized Network Equipment and Functions
      • Network Traffic Management and Analysis
      • Advanced Networking Concepts
      • ARP and RARP
      • How DNS, HTTP and HTTPS works
      • Understanding the Basics of Networking
  • Introduction to Cyber Security Operations
    • Security Architecture and Engineering
      • Security Controls
        • Preventive
        • Deterrent
        • Detective
        • Corrective
        • Compensating
        • Directive
    • GRC
      • Information Security and Risk Management
        • Risk Management
        • Supply Chain Risk Management
        • Governance
        • Asset Management
        • Cyber Security Road Map
        • Cyber Security Controls
        • Cyber Security Strategy and Architecture
        • Cyber Security Architecture
        • Risk Assessment and Security Questionnaire
        • Ransomware Prevention
        • Gap Assessment
        • Principle of Least Privilege
      • Governance
      • Asset Security
      • Communication and Network Security
      • Identity and Access Management
      • Security Assessment and Testing
      • Security Operations
      • Software Development Security
      • Security Baselines
      • Security Reporting
      • Data Loss Prevention
      • Zero Trust
      • MFA
      • Compliance
    • Security Policies and Procedures
    • Offensive Security
      • Stages of Penetration Testing
    • Cyber Defense
      • Security Operations Center (SOC)
        • SOC Architecture Development with ELK Stack:
      • Different Classes of Threat Actor
    • Security Principles, Controls and Strategies
      • Defense in Depth
      • Least Privilege
      • Zero Trust
  • Cyber Security Assessment
    • Planning and Scoping
      • Security Engagement
      • Security Assessment Questionaire
      • Who Targeting you
    • Reconnaissance
      • Active Recon
        • Tools
          • NMAP
          • Maascan
          • Recon-NG
          • Maltego
          • Spider Foot
          • Whois
          • TraceRoute
          • Amass
          • The Harvester
          • Nslookup
          • DNS Dumpster
          • BloodHound
          • Relay Attacks
          • Packet Crafting
          • NMAP+Proxychains+TOR
      • Passive Reconnaissance
        • Network Sniffing
          • Wireshark
          • TCPDump
        • Whois (online services)
        • EMail Account Enumeration
          • Hunter.io
        • Search Engine Analysis
          • Google Hacking Database
          • Shodan
          • Censys.io
        • Information Disclousre
        • Banner Grabbing
        • HTML Scrapping
        • Certificate Transparency Logs
        • Open Source Intelligence (OSINT)
          • Ship OSINT
          • Social Media
          • Code Repositories
          • Darkweb Analysis
          • DNS
          • Cached Pages
          • Password Dumps
          • Anonymity
    • Enumeration
      • OS Finger Printing
      • Service Discovery
      • Protocol Enumeration
      • DNS Enumeration
      • FTP Service
      • HTTP/HTTPS
      • WMI
      • DCOM
      • RPC Remote Procedure Call
      • Directory Enumeration
      • Host Discovery
      • Share Enumeration
        • SMB
      • Local User Enumeration
      • Email Account Enumeration
      • SSH Service
      • Wireless Enumeration
        • Wigle.net
        • InSSIDer
        • Aircrack-ng
      • Permission Enumeration
      • Secrets Enumeration
        • Passwords
        • Session Tokens
        • Cloud Access Keys
      • Attack Path Mapping
      • VNC
      • Web Application Firewall
      • Wordpress Scan
      • Remote Desktop Protocol
      • SNMP
      • SMTP
      • Web Crawling
        • Platform Plugins
        • Sitemap
        • Robots.txt
      • Active Directory Enumeration
    • Vulnerability Assessment and Management
      • Terminology
      • Vulnerability Database
      • Vulnerability Scoring
        • CWE
        • CVSS
        • CVE
        • EPSS
      • Vulnerability Scan
        • Authenticated vs Unauthenticated Scans
        • OS Security Assessment
        • Tenable
        • Nikto
        • Open VAS
      • Exploit Databases
      • Tools
        • Tenable.IO
        • Open VAS
    • Exploitation
      • Attack Surface and Target Prioritization
        • High Valued Assets and Identification
        • Vulnerability Metrics
        • End of Life Softwares
        • Default Configuration
        • Running Services
        • Vulnerable Encryption Methods
        • Defensive Capabilities
        • Attack Path
      • Attack Types
        • Network Attacks
          • Virtual LAN Hopping
          • Packet Crafting
            • Attacks Scenario
          • Default Credentials
          • On-Path / Man in the Middle Attacks
          • Certificate Services Attacks
      • Host Based Attacks
        • Privilege Escalation
        • Credential Dumping
        • Shell Escape
        • UAC Bypass
        • Payload Obfuscation
        • Endpoint Security Bypass
        • Process Hallowing
        • Log Tampering
        • DLL Injection
        • Service Path Injection
      • Authentication Attacks
        • LDAP Injection
        • SAML Attacks
        • Open ID Connect Attacks
        • Dictionary Attacks
        • Credential Stuffing
        • MFA Fatigue
        • Pass the Hash attacks
        • Kerberos Attacks
        • Pass the Ticket Attacks
      • Vulnerable Encryption Methods
      • Tools
        • Metsploit
        • Netcat
        • LOLbins
        • Mimikatz
        • Rubeus
        • Certify
        • AD Search
        • Powerview
        • SeaBelt
        • Evil winRM
        • PSEXEC
        • Powersploit
        • Metasploit
        • Impacket
        • Responder
        • CrackMapExec
        • Msfvenom
        • Responder
        • Searhsploit
        • Powersploit
      • Password Attacks
        • Password Cracking
        • Password Spraying
        • Tools
          • Medusa
          • Burpsuite
          • John the Ripper
          • Hydra
          • Hashcat
        • Password Attacks
    • Lateral Movement
      • Relay Creation
      • String Searches
      • Service Discovery
      • Tunneling
        • SSH Tunneling
      • Pivoting
      • Exfiltration
        • DNS
        • HTTPS
        • EMail
        • Cloud Storage
      • Tools
        • sshuttle
        • Page 1
    • Post Exploitation
      • Persistance
        • Scheduled Taks
        • Bind Shell
        • Registry Keys
        • C2 Frameworks
        • Tampering Security Controls
        • Back Door
          • Trojan
          • Root Kit
          • Web Shell
        • Searching Valid Account Credetials
        • New Account Creation
        • Reverse Shell
        • Service Creation
        • Cron Jobs
      • Command and Control
    • Reporting
  • Cybersecurity Frameworks and Standards
    • CREST
    • CIS
    • NIST Publications
      • NIST SP 800-171
      • NIST CSF
      • NIST SP 800-115
    • MITRE
      • MITRE D3FEND
      • MITRE ATT&CK
    • Penetration Testing Execution Standard (PTES)
    • OWASP Top 10
    • Purdue Model
    • Open Source Security Testing Methodology Manual (OSSTMM)
    • Council of Registered Ethical Security Testers (CREST)
    • Zero Trust
    • CMMC
    • Threat Modeling Frameworks
      • STRIDE
      • OCTAVE
      • DREAD
    • Mitigation Strategies
      • Network Segmentaion
      • Access Control
      • Application Control
      • Isolation Techniques
      • Default Password Changes
      • Host based firewall
      • Protocol blocking
      • Port blocking
      • Host based intrusion prevention
      • Endpoint Management
      • Decommissioning
      • Configuration Management
      • Least Privilege
      • Logging
      • Monitoring
      • Encryption
      • Patching
    • Security Governance
      • Data and System: Roles and Responsiblities
      • Security Policies
        • Access Use Policy
      • Security Standards
        • Access Control
        • Encryption
        • Password
      • Security Procedures
        • Change Management
  • Security Domains
    • Security Designing
    • Application Security
      • Cryptographic Attacks
      • Password Attacks
      • Web Application Security
        • Enumeration
          • Cookie and Header Security Review
        • Bruteforce Attack
        • Directory Traversal
        • Insecure Direct Object Reference (IDOR)
        • Session Hijacking
        • File Inclusion Attacks
          • LFI
          • Webshell
          • RFI
        • Server-Side Request Forgery (SSRF)
        • Deserialization Attacks
        • Command Injection
        • Server Side Template Injection
        • Cross Site Scripting (XSS)
        • SQL Injection
          • Union Based SQL Injection
          • Blind SQL Injection
        • Cross-Site Request Forgery (CSRF)
        • XML External Entity (XXE)
        • File Upload Vulnerabilites
        • Remote Code Execution (RCE)
        • Tools
          • Hetty
      • OWASP TOP 10 API
        • API Abuse
        • JWT Token manipulation
        • Graph QL security
        • API security
      • OWASP Top 10 Mobile
      • OWASP Top 10 IOT
      • Web Application Security
        • Getting Started in BugBounty Hutning
        • Subdomain Enumeration
        • Subdomain Takeover: Understanding the Risks and Prevention
        • Tools and Technologies
      • Microservices
      • WPscan
        • Burpsuite
        • Ffuf
        • Gobuster
        • Postman
        • Dirbuster
        • Wfuzz
        • ZAP
      • Tools
        • BurpSuite
        • SQLmap
    • Cloud Security
      • Metadata Service Attacks
      • IAM misconfigurations
      • Tools
        • Pacu
        • Prowler
        • Scoutsuite
        • Docker Bench
      • Container Escape
      • Workload Runtime Attacks
      • Supply Chain Attacks
      • Misconfigurations
        • Network Segmentation
        • Network Controls
        • IAM Credentials
        • Public Access to Services
        • Exposed Storage Buckets
        • Logging Information Exposure
      • Azure Security : Components and Assessment Guide
        • Azure Security Assessment Tools : Installation and usuage
    • Identity and Access Management
    • Cloud Security
      • Cloud Engineering and Architecture concepts
      • Cloud Data Security
      • Cloud Platform and Infrastructure Security
      • Cloud Application Security
      • Cloud Security Operations
      • Cloud Legal, Risk and Compliance
      • Azure Security
      • Azure Pentest
    • DevSecOps
      • Static Application Security Testing (SAST)
        • Code Quality
        • CheckMarx
        • Sonarqube
          • Sonarqube Installation using Helm Chart on AKS
      • Interactive Application Security Testing (IAST)
      • Dynamic Application Security Testing (DAST)
      • SCA
      • Wazuh SIEM and XDR
        • Wazuh on Azure AKS
        • Azure + Argo
      • DevSecOps
    • Social Engineering
      • Vishing
      • Spearphishing
      • Smishing
      • Eavesdropping
      • Impersonation
      • Watering Hole
      • Shoulder Surfing
      • Whaling
      • Phishing
      • Tools
        • GoPhish
        • Beef
        • Evilginx
        • SET social engineering toolkit
    • DevOps
      • Kubernetes
        • Kubernetes Architecture and Components
        • Mastering kubectl: The Command Line Interface for Kubernetes
        • Overview of Kubernetes Tools and Utilities
        • Container vs Pod vs Deployment
        • Kubernetes and Docker Swarm
        • Deploying a Kubernetes Cluster Using Minikube
        • Deploying a Kubernetes Cluster Using Kind
        • Integrating Kubernetes with Azure Key Vault
        • Containers vs Virtual Machines
        • Comprehensive Guide to Kubernetes Security and Analysis Tools
        • Monitoring Kubernetes with Prometheus and Grafana
        • Introduction to Azure Kubernetes Service (AKS) and Deploying Your First Cluster
        • Kubernetes Persistence with Backend Databases
        • Kubernetes StatefulSet vs. Deployment
        • DevSecOps Architecture for Kubernetes
      • Docker
      • Helm
        • Scenario : Configuring Azure Key Vault and Using Secrets in Helm Deployments
      • Git Ops
        • Argo CD
      • Git and Versioning
      • Terraform
      • Virtualization
    • Mobile Security
      • Android Mobile App Security Assessment
      • Suspicious Malware App Analysis
      • Android App Penetration Testing
      • Permission Abuse
      • Jailbreak/Rooting
      • Tools
        • MobSF
        • Drozer
        • Frida
    • IOT/OT/SCADA
      • Power Supply
        • Juice Jacking
      • RFID
      • Bluetooth
        • BlueJacking
        • Bluetooth Spamming
      • Ports and Services
      • Port Mirroring
      • Modbus Attack
      • CAN Bus Attack
      • Replay Attack
      • Memory Registry Attacks
      • Tools
        • BlueCrack
        • Scapy
        • TCP Replay
    • Network Security
      • Network Attacks
        • DNS Attacks
        • DDOS
      • Network Assessment
      • Wireshark
      • Zeek
      • Snort
      • TCPDump
      • Defensive Network
        • Firewalls
        • Intrusion Detection System
    • Wireless Attacks
      • Service Set Identifier (SSID)
      • Wardriving
      • Evil Twin Attack
      • Deauthentication Attacks
      • Signal Jamming
      • Channel Scanning
      • Signal Strength Scanning
      • Tools
        • WiFi Pumpkin
        • AirCrack Ng
        • Kismet
    • Purple Teaming
      • Tools
        • Infection Monkey
        • Atomic RedTeam
        • Caldera
    • Kubernetes Security
      • AKS Security
      • Kube-Hunter
      • KubeEscape
    • Hardware Security
    • Container Security
      • Grype
      • Trivy
      • Clair
    • AI
      • LLM (Large Language Models)
      • Prompt Engineering
      • AI Cyber Security Risk Management
        • AI Policies
      • AI Security
      • AI Attacks
        • Prompt Injection
        • Model Manipulation
      • Security Frameworks
        • MITRE ATLAS
        • OWASP Top 10 LLMs
        • NIST AI Risk Management Framework
    • Reverse Engineering
      • Scenarios
        • Browser Plugin
        • PDF document
        • Word Doc
        • Windows Binary File
        • Mobile App
      • Buffer Overflow
  • Operational Security
    • Identity and Access Management
      • Identity
      • Authentication
      • Accountability
      • Access Management
      • Authorization
      • Access Controls
    • Deception Technology
      • Honeypot
      • Honeynet
      • Honeyfile
      • Honey Token
    • Cryptography
      • Data at Rest
      • Data at Transit
      • Hashing
      • BlockChain
      • Digital Signatures
      • Certificates
      • Encryption
        • Public Key Infrastructure (PKI)
          • Public Key
          • Private Key
        • Tools
      • Certification Preparation
        • Penetration Testing
        • GRC and Audit
    • File Integrity Monitoring
    • Data Security
      • DLP
    • Change Management
      • Impact Analysis
    • Malware Analysis
      • Malware Analysis Tool
      • Malware Analysis Books
      • university courses and resources related to malware analysis
      • Binary Analysis
    • Data Loss Prevention
    • Threat Modeling
      • Attack Surface Management
        • Introduction
      • Threats, Technologies, Procedures
        • Threat Actors
      • Threat Hunting
        • Indicators of Compromise
      • Threat Assessment
        • Threat Modeling
          • OCTAVE
          • DREAD
          • STRIDE
        • Threat Hunting
          • Threat Hunting Blogs
          • Ransomware: An Overview
          • Threat Hunting and Incident Response Q&A
          • Network Traffic Analysis: Wireshark
          • Threat Hunting Questionnaire
          • KQL
          • Email Header Analysis
          • TH
          • Windows Process Exploration
        • Threat Intelligence
          • Threat Intelligence Tools and Techniques
            • Yara
      • Malware Attacks
    • Digital Forensics
      • Network Forensics
      • Forensic Tool Analysis
      • Data Recovery
    • Endpoint Management
    • SOC/SOAR
      • Threat hunting scenarios
      • Log Management
        • AWS VPC flow log analysis
        • Linux Logs
        • Windows Logs
    • Ransomware Prevention
      • APT Groups
    • Security Automation
      • C
      • Powershell
      • Python
      • C++
      • GO
      • Rust
    • Incident Response
      • Scenarios
        • Windows : No Event Logs
      • Tools
        • Chainsaw
    • Defensive Security Controls
    • Physical Security
      • Physical Attacks
        • USB (Universal Serial Bus)
        • Tailgating
        • Lock Picking
        • RFID Cloning
          • Badge Cloning
    • Personal Security
    • Security Awareness and Training
    • Firewall
    • Network Access Control
    • Intrusion Detection System
    • Intrusion Prevention System
    • Operating System Security
    • Secure Protocol Usuage
    • Business Continuity
    • Email Security
    • DNS Filtering
    • user behaviour analytics
    • Host Security
    • Mobile Device Security
    • Change Management
    • Vulnerability Management
      • Vulnerability Assessment
        • Vulnerability Analysis
      • Types of Vulnerabilites
    • Penetration Testing/Red Teaming
    • Disaster Recovery
    • Logging and Monitoring
      • Monitoring
        • Systems
        • Infrastructure
        • Applications
      • Logging
        • Log Data
          • Application Logs
          • Network Logs
          • WAF Logs
          • IDS/IPS logs
          • OS logs
          • Endpoint Logs
          • Firewall Logs
        • Alerting
        • Log Aggregation
      • Tools
    • Endpoint
    • Security Metrics
  • Industry Specific Security:Case Studies
    • Aviation Security
      • The Integral Role of Airports in National Security : Operations Perspective
      • Cyber Attacks on Airports
      • Navigating the Complex Web of Airport Operations: Key Components and Leading Industry Providers
    • Aviation Security
  • Computational Science
    • Quantum Computing
      • Quantum Computing: Unleashing the Power of Qubits
    • Probability
  • Data Engineering
  • AI/ML and Data Science
    • Installation
      • Ollama
    • Machine Learning
    • Large Language Models (LLM)
    • Security Analytics
    • Untitled
      • Roles and Responsibilites
      • Azure AI Services
        • AI Services Security
        • Monitoring Azure AI Services
        • AI services on containers
  • Application Development
    • Django
  • Radom Topics :)
    • CSA WAI
  • CISSP
Powered by GitBook
On this page

Was this helpful?

  1. Security Domains
  2. Cloud Security

Azure Pentest

MicroBurst, Lava, Koboko, PowerZure, Stormspotter, and BloodHound

https://kaeferjaeger.gay/

Ffuf

Nabu

Amass

Gbounty bounty automation

Ddosify

Nuclei

Dradis framework report writing

Corsy cors security

https://github.com/CrowdStrike/CRT

https://github.com/nccgroup/azucar

4:26 / 7:44

Burp Suite Bambdas

From <https://www.youtube.com/watch?v=G-EPLDXzz4k&list=PL4GgDfx_FS1vktfQ4SmH9A_8pqPF7tvcf&index=28>

Cloud Security

Azure Security assessment phases

Azure components

azure ad

azure

Attack Scenarios:

- MFA bypass : token dumping : processexp64 dumps: teams : grep for jwt

- evilnginx

Inforamtion Gathering

Tenant ID

Tenant name

Authentication Type

is federation in place

domain

azure services used by target organization

email ids in use

Enum

Azure service finder : https://github.com/NetSPI/MicroBurst

Email enumeration : https://github.com/LMGsec/o365creeper

is azure manangin security or not ( is client on azure or not)

https://login.microsoftonline.com/getuserrealm.srf?login=username@dfwairport.com&xml=1

FInding the tenant ID

https://login.microsoftonline.com/dfwairport.com/.well-known/openid-configuration

https://login.microsoftonline.com/sonepar.com/.well-known/openid-configuration

Recon

https://github.com/Gerenios/AADInternals

https://github.com/nsonaniya2010/SubDomainizer

cloud pentest

Cloud security audit

prowler

scoutsuite

cloudsploit https://github.com/aquasecurity/cloudsploit

Azure Storage:

Container

fileshare

tables

queue

https://github.com/cyberark/BlobHunter

https://github.com/nccgroup/ScoutSuite

https://github.com/prowler-cloud/prowler

References:

https://learn.microsoft.com/en-us/azure/security/fundamentals/log-audit

https://www.getastra.com/blog/cloud/azure/azure-security-audit/

https://learn.microsoft.com/en-us/azure/security/fundamentals/operational-checklist

Videos

Introduction To Azure Penetration Testing by Nikhil Mittal

EDITED EDITION — Getting Started in Pentesting The Cloud–Azure | Beau Bullock | 1-Hour

PreviousAzure SecurityNextDevSecOps

Last updated 4 months ago

Was this helpful?