book

Penetration Testing Azure for Ethical Hackers

Name: Penetration Testing Azure for Ethical Hackers
ISBN: 9781839212932

by David Okeyode, Karl Fosaaen

November 2021

Intermediate to advanced

352 pages

7h 11m

English

Packt Publishing

Read now

Unlock full access

Penetration Testing Azure for Ethical Hackers
ForewordContributorsAbout the authorsAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesDownload the example code filesConventions usedDisclaimerGet in touchShare Your Thoughts
Section 1: Understanding the Azure Platform and Architecture
Chapter 1: Azure Platform and Architecture Overview
Technical requirementsThe basics of Microsoft's Azure infrastructureAzure clouds and regionsAzure resource management hierarchyAn overview of Azure servicesUnderstanding the Azure RBAC structureSecurity principalsRole definitionRole assignment Accessing the Azure cloudAzure portalAzure CLIPowerShellAzure REST APIsAzure Resource ManagerSummaryFurther reading
Chapter 2: Building Your Own Environment
Technical requirementsCreating a new Azure tenantHands-on exercise: Creating an Azure tenantHands-on exercise: Creating an Azure admin accountDeploying a pentest VM in AzureHands-on exercise: Deploying your pentest VMHands-on exercise: Installing WSL on your pentest VMHands-on exercise: Installing the Azure and Azure AD PowerShell modules on your pentest VMHands-on exercise: Installing the Azure CLI on your pentest VM (WSL)Azure penetration testing toolsSummary
Chapter 3: Finding Azure Services and Vulnerabilities
Technical requirementsGuidelines for Azure penetration testingAzure penetration test scopesAnonymous service identificationTest at your own riskAzure public IP address rangesHands-on exercise – parsing Azure public IP addresses using PowerShellAzure platform DNS suffixesHands-on exercise – using MicroBurst to enumerate PaaS servicesCustom domains and IP ownershipIntroducing Cloud IP CheckerHands-on exercise – determining whether custom domain services are hosted in AzureSubdomain takeoversIdentifying vulnerabilities in public-facing servicesConfiguration-related vulnerabilitiesHands-on exercise – identifying misconfigured blob containers using MicroBurstPatching-related vulnerabilitiesCode-related vulnerabilitiesFinding Azure credentialsGuessing Azure AD credentialsIntroducing MSOLSprayHands-on exercise – guessing Azure Active Directory credentials using MSOLSprayConditional Access policiesSummaryFurther reading
Section 2: Authenticated Access to Azure
Chapter 4: Exploiting Reader Permissions
Technical requirementsPreparing for the Reader exploit scenariosGathering an inventory of resourcesIntroducing PowerZureHands-on exercise – gathering subscription access information with PowerZureHands-on exercise – enumerating subscription information with MicroBurstReviewing common cleartext data storesEvaluating Azure Resource Manager (ARM) deploymentsHands-on exercise – hunting credentials in resource group deploymentsExploiting App Service configurationsEscalating privileges using a misconfigured service principal Hands-on exercise – escalating privileges using a misconfigured service principalReviewing ACRHands-on exercise – hunting for credentials in the container registryExploiting dynamic group membershipsHands-on exercise – cleaning up the Owner exploit scenariosSummaryFurther reading
Chapter 5: Exploiting Contributor Permissions on IaaS Services
Technical requirementsReviewing the Contributor RBAC roleHands-on exercise – preparing for the Contributor (IaaS) exploit scenariosUnderstanding Contributor IaaS escalation goalsLocal credential huntingDomain credential huntingLateral network movement opportunitiesTenant credential huntingExploiting Azure platform features with Contributor rightsExploiting the password reset featureHands-on exercise – exploiting the password reset feature to create a local administrative userExploiting the Run Command featureHands-on exercise – exploiting privileged VM resources using LavaExecuting VM extensionsExtracting data from Azure VMsGathering local credentials with MimikatzGathering credentials from the VM extension settingsExploiting the Disk Export and Snapshot Export featuresHands-on exercise – exfiltrating VM disks using PowerZureHands-on exercise – cleaning up the Contributor (IaaS) exploit scenariosSummaryFurther reading
Chapter 6: Exploiting Contributor Permissions on PaaS Services
Preparing for Contributor (PaaS) exploit scenariosAttacking storage accountsHands-on exercise – Dumping Azure storage keys using MicroBurstAttacking Cloud Shell storage filesHands-on exercise – Escalating privileges using the Cloud Shell accountPillaging keys, secrets, and certificates from Key VaultsHands-on exercise – exfiltrate secrets, keys, and certificates in Key VaultLeveraging web apps for lateral movement and escalationHands-on exercise – Extracting credentials from App ServiceLateral movement, escalation, and persistence in App ServiceExtracting credentials from Automation AccountsAutomation Account credential extraction overviewHands-on exercise – Creating a Run as account in the test Automation accountHands-on exercise – Extracting stored passwords and certificates from Automation accountsHands-on exercise – Cleaning up the Contributor (PaaS) exploit scenariosSummaryFurther reading

Chapter 7: Exploiting Owner and Privileged Azure AD Role Permissions
Technical requirementsEscalating from Azure AD to Azure RBAC rolesPath 1 – Exploiting group membershipPath 2 – Resetting user passwordsPath 3 – Exploiting service principal secretsPath 4 – Elevating access to the root management groupHands-on exercise – Preparing for the Global Administrator/Owner exploit scenariosHands-on exercise – Elevating accessEscalating from subscription Owner to Azure AD rolesPath 1 – Exploiting privileged service principalsPath 2 – Exploiting service principals' API permissionsAttacking on-premises systems to escalate in AzureIdentifying connections to on-premises networksIdentifying domain escalation pathsAutomating the identification of escalation pathsTools for pivoting along escalation pathsGeneral tips for post domain escalation and lateral movementHands-on exercise – Cleaning up the Owner exploit scenariosSummary
Chapter 8: Persisting in Azure Environments
Understanding the goals of persistencePlan on getting caughtHave multiple channels readyUse long-term and short-term channelsHave multiple persistence options at multiple levelsPersisting in an Azure subscriptionStealing credentials from a systemHands-on exercise – stealing and reusing tokens from an authenticated Azure admin systemMaintaining persistence with virtual machinesMaintaining persistence with Automation accountsMaintaining persistence to PaaS servicesPersisting in an Azure AD tenantCreating a backdoor identityModifying existing identitiesGranting privileged access to an identityBypassing security policies to allow accessSummaryFurther reading
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Overview

Dive into the practical world of ethical hacking with 'Penetration Testing Azure for Ethical Hackers'. This book offers step-by-step guidance on identifying and exploiting misconfigurations within Microsoft Azure environments. By following detailed examples and techniques, you will develop the skills needed to assess and secure cloud infrastructure effectively.

What this Book will help me do

Learn how to identify misconfigurations in Azure setups that lead to vulnerabilities.
Gain expertise in exploiting security gaps in Azure using practical, hands-on techniques.
Master privilege escalation tactics in Azure Active Directory and other Azure services.
Understand how to apply penetration testing tools in real-world Azure scenarios.
Develop skills to evaluate and enhance the security posture of Azure infrastructures.

Author(s)

David Okeyode and None Fosaaen bring a wealth of experience in cybersecurity and cloud architecture to this work. They have both spent years working with enterprises to improve cloud security practices and have translated this practical knowledge into an accessible guide. Their teaching approach ensures readers can implement concepts effectively, fostering skill development in Azure pentesting.

Who is it for?

This book is ideal for security professionals, penetration testers, and enthusiasts aiming to expand their technical expertise in Azure environments. If you are a cybersecurity practitioner working with Microsoft Azure or seeking insights into protecting cloud-based services from breaches, this book is an invaluable resource. It is particularly useful for learners with basic exposure to cloud platforms who wish to specialize in advancing Azure security.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Certified Ethical Hacker (CEH) v12 312-50 Exam Guide

Publisher Resources

ISBN: 9781839212932

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills