Previous article: Azure Disk | Data Exfiltration
In this article, I will show you how we can leverage the PowerZure tool to exfiltrate data stored in the virtual machines disks. By default, the network configuration of a disk in Azure is not restricted (Public endpoint), as you can see in the screenshot below:
We will leverage PowerZure and the modules (Get-AzDisk and Get-AzureVMDisk) to generate a SAS link valid during 24 hours and download the image of the disk (VHD file). This file could be mounted in a Windows environment and the data stored in the file could be extracted.