Hi!
In this article, I will show you how to scan Azure Blob storage to identify potentially public storage containers. When you create a new container, you have 3 options to define the public access level:
- Private: No public access to this container (default configuration).
- Blob: Public access is permitted to this container and its blobs.
- Container: Public access is permitted to blobs in this container, but not to the container itself.
![](https://zigmax.net/wp-content/uploads/2022/03/storage-public-accesslevel2.png)
To carry out this attack, we will use a function included in the MicroBurst tool.
```powershell
Invoke-EnumerateAzureBlobs -Base yourcompanyname
```
![](https://zigmax.net/wp-content/uploads/2022/03/blob-scan1-1024x141.png)
In this example, I will use an additional containerlist file with some example folder names (dev, non, prod, devprod, …).
```powershell
Invoke-EnumerateAzureBlobs -Base zigmaxlab -Folders .\containerlist.txt
```
![](https://zigmax.net/wp-content/uploads/2022/03/blob-scan2-1024x169.png)
Maxime.
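
For defenders, the access levels described above can be audited from inside the subscription. The following is an added example, not part of the original article or of MicroBurst: it assumes the Az.Accounts and Az.Storage modules, an authenticated session (`Connect-AzAccount`), and the hypothetical function name `Get-PublicBlobContainerReport`.

```powershell
# Added example (not from the original article or MicroBurst).
# Assumes: Az.Accounts + Az.Storage modules installed, Connect-AzAccount already run,
# and read access to the storage accounts in the current subscription.
# Get-PublicBlobContainerReport is a hypothetical name chosen for this example.
function Get-PublicBlobContainerReport {
    [CmdletBinding()]
    param()

    foreach ($account in Get-AzStorageAccount) {
        # Account-level switch. $false blocks anonymous access for every container.
        # $null (property never set) is treated as "allowed" to stay conservative.
        $accountAllowsPublic = $account.AllowBlobPublicAccess -ne $false

        try {
            # Management-plane listing, so no storage account key is needed.
            $containers = Get-AzRmStorageContainer `
                -ResourceGroupName $account.ResourceGroupName `
                -StorageAccountName $account.StorageAccountName `
                -ErrorAction Stop
        }
        catch {
            Write-Warning "Could not list containers in $($account.StorageAccountName): $_"
            continue
        }

        foreach ($container in $containers) {
            $level = "$($container.PublicAccess)"   # None, Blob or Container
            if ($level -and $level -ne 'None') {
                [pscustomobject]@{
                    ResourceGroup     = $account.ResourceGroupName
                    StorageAccount    = $account.StorageAccountName
                    Container         = $container.Name
                    PublicAccess      = $level
                    # Only effectively exposed when the account switch also permits it.
                    EffectivelyPublic = $accountAllowsPublic
                }
            }
        }
    }
}

Get-PublicBlobContainerReport | Sort-Object StorageAccount, Container | Format-Table -AutoSize
```

Running `Set-AzStorageAccount` with `-AllowBlobPublicAccess $false` disables anonymous access for the whole account, whatever level the individual containers carry.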