{"id":13649481,"url":"https://github.com/mandiant/Azure_Workshop","last_synced_at":"2025-04-22T14:31:49.948Z","repository":{"id":49326615,"uuid":"515640147","full_name":"mandiant/Azure_Workshop","owner":"mandiant","description":null,"archived":true,"fork":false,"pushed_at":"2023-06-01T13:38:26.000Z","size":65,"stargazers_count":608,"open_issues_count":3,"forks_count":82,"subscribers_count":15,"default_branch":"main","last_synced_at":"2024-11-10T00:33:05.052Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mandiant.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-07-19T15:24:58.000Z","updated_at":"2024-11-01T18:23:41.000Z","dependencies_parsed_at":"2024-01-07T03:51:09.495Z","dependency_job_id":"f84bab8f-893e-49ca-b528-532caa3695e0","html_url":"https://github.com/mandiant/Azure_Workshop","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2FAzure_Workshop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2FAzure_Workshop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2FAzure_Workshop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2FAzure_Workshop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mandiant","download_url":"https://codeload.github.com/mandiant/Azure_Workshop/tar.gz/refs/heads/main","host":{"n
ame":"GitHub","url":"https://github.com","kind":"github","repositories_count":250259047,"owners_count":21401029,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T02:00:17.359Z","updated_at":"2025-04-22T14:31:44.941Z","avatar_url":"https://github.com/mandiant.png","language":"HCL","funding_links":[],"categories":["Sorted by Technology and Category","Resources"],"sub_categories":["Lab Exercises"],"readme":"# Azure Red Team Attack and Detect Workshop\n\nThis is a vulnerable-by-design Azure lab containing two attack paths with common misconfigurations. These vulnerabilities are intended to represent those found in live production environments, and the attack vectors are intended to reflect real threat actors' TTPs as realistically as possible. If you would like to see what detections and alerts these attack paths trigger, I recommend signing up for a Microsoft E5 trial, which includes Microsoft Defender for Cloud and an Azure AD Premium P2 plan. 
Links for signing up to an Azure Developer account can be found in the resources.txt file.\n\nAuthor - Roxana Kovaci (@RoxanaKovaci)\n\n## Requirements\n- Azure tenant\n- Azure CLI\n- Terraform version 1.2.2 or above\n- Azure User with Global Admin role in the AAD tenant\n- Add your external IP on lines 248-249 in kc1.tf\n\n## Deployment\n```\naz login\ngit clone https://github.com/mandiant/Azure_Workshop.git\ncd Azure_Workshop\ncd kc1\n\nterraform init\nterraform validate\n\nterraform plan -out kc1.tfplan\nterraform apply kc1.tfplan\n\ncd ../kc2\n\nterraform init\nterraform validate\n\nterraform plan -out kc2.tfplan\nterraform apply kc2.tfplan\n```\n\n## Get started\n- The entry point for each kill-chain is user1. To get the initial user's credentials, run the following command:\n```\nterraform output\n```\n\n## Kill-Chain objectives and other resources\nKill-Chain #1:\n\n- Objective: Gain access to the Customers PII data.\n\n- Solutions: The full attack path solutions can be found in kc1/kc1_solution.txt\n\nKill-Chain #2:\n\n- Objective: Gain access to the super secret file.\n\n- Solutions: The full attack path solutions can be found in kc2/kc2_solution.txt\n\nEach kill-chain's folder contains the Terraform script (and other prerequisite files needed for deployment) and the solutions to the challenges.\n\nOther resources and useful links to learn more can be found in the resources.txt file.\n\n## Clean up\nAfter finishing with each kill-chain scenario, you can remove all resources previously added to your tenant:\n```\naz login\n\ncd kc1\nterraform destroy\n\ncd ../kc2\nterraform destroy\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmandiant%2FAzure_Workshop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmandiant%2FAzure_Workshop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmandiant%2FAzure_Workshop/lists"}