5TARGETING VIRTUAL MACHINES
Every penetration tester is likely to encounter numerous virtual machines (VMs) in Azure. As you’ll learn in this chapter, attackers can leverage Azure Storage as a vector to steal secrets from, and take control of, Azure virtual machines. With the right level of access to these systems, an attacker could take complete control over any service running on the VMs and surreptitiously collect data about the users who connect to them.
To demonstrate this, I begin with a look at how to obtain the virtual hard disk (VHD) images for virtual machines, without ever gaining Azure portal access. Once a copy of the VM’s VHD is ...
Get Pentesting Azure Applications now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
