Author: zigmax
-
AAD | Abuse Service Principals
Read more: AAD | Abuse Service PrincipalsHi! Attackers want to target service principals because: Service accounts and service principals do not have MFA Attackers can log into Azure using a service principal account These accounts exist…
-
Introduction aux tests d’intrusions Azure
Read more: Introduction aux tests d’intrusions AzureHi! Yesterday, I had the privilege to give a talk about an introduction of Azure Pentesting. Slides (in English) Video (in French) Maxime.
-
Azure Disk | Exfiltrate VM Disk
Read more: Azure Disk | Exfiltrate VM DiskHi! Previous article: Azure Disk | Data Exfiltration In this article, I will show you how we can leverage the PowerZure tool to exfiltrate data stored in the virtual machines…
-
VM | Exploit Virtual Machine with Manage Identity (MSI)
Read more: VM | Exploit Virtual Machine with Manage Identity (MSI)Hi! In this article, I will show you how you can exploit a virtual machine associated with a Managed Identity. To leverage this attack, we will use the LAVA –…
-
Azure | Enumerating Azure Services
Read more: Azure | Enumerating Azure ServicesHi! In this article, I will show you how you can leverage the MicroBurst tool to anonymously enumerating Azure Services. Please find below a list of DNS suffixes associated with…
-
AAD | Password Spray Attack
Read more: AAD | Password Spray AttackHi! Previous articles: AAD | Enabled or not? AAD | Enumerate valid emails/accounts In this article, I will show how you can run a Password Spray attack againt your Azure…