Chapter 4: Exploiting Reader Permissions
While the Reader role is not as heavily used in subscriptions as the Contributor or Owner roles, it does allow users to read basic information about the resources and configurations of the services. As an initial entry point into an environment, the Reader role may allow you to read sensitive information that could be used to pivot to more privileged roles.
The Reader role does not allow any modifications to services or resources, but it will allow an attacker to enumerate the attack surface area for the environment. This reason is frequently a driver for issuing Reader access to any Azure AD accounts that might be provisioned for use during an Azure penetration test.
For good reason, many organizations ...
Get Penetration Testing Azure for Ethical Hackers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.