Pentesting Azure
Learning Resources:
Azure articles: Link
Automated Tools:
Microbust: NetSPI
Illicit Consent Grant Attack
0365-Stealer : Github
Identify Attack Surface
External
Unauthenticated
Attacking public resources
Internal (Resource access)
Testing internal cloud resources from another resource such as a VM
Internal (API access)
Authenticated
Identify vulnerabilities via API calls & configuration analysis
Recon & External Attacks
Authentication
Post-Compromise
Azure Subscription Hierarchy
Resource-Specific Issues
Leveraging Scanning Tools
Last updated