Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Awesome-Azure-Pentest
A collection of resources, tools and more for penetration testing and securing Microsofts cloud platform Azure.
https://github.com/Kyuu-Ji/Awesome-Azure-Pentest
Last synced: 1 day ago
JSON representation
-
Resources
-
Articles
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Abusing dynamic groups in Azure AD for Privilege Escalation
- Attacking Azure, Azure AD, and Introducing PowerZure
- Attacking Azure & Azure AD, Part II
- Azure AD Connect for Red Teamers
- Azure AD Introduction for Red Teamers
- Azure AD Pass The Certificate
- Azure AD privilege escalation - Taking over default application permissions as Application Admin
- Defense and Detection for Attacks Within Azure
- Hunting Azure Admins for Vertical Escalation
- Impersonating Office 365 Users With Mimikatz
- Lateral Movement from Azure to On-Prem AD
- Malicious Azure AD Application Registrations
- Moving laterally between Azure AD joined machines
- CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory
- Privilege Escalation Vulnerability in Azure Functions
- Azure Application Proxy C2
- Forensicating Azure VMs
- Network Forensics on Azure VMs
- Cross-Account Container Takeover in Azure Container Instances
- Azure Active Directory password brute-forcing flaw
- How to Detect Azure Active Directory Backdoors: Identity Federation
- Azure App Service vulnerability exposed hundreds of source code repositories
- AutoWarp: Cross-Account Vulnerability in Microsoft Azure Automation Service
- Microsoft Azure Synapse Pwnalytics
- Microsoft Azure Site Recovery DLL Hijacking
- FabriXss (CVE-2022-35829): Abusing a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer
- Untangling Azure Active Directory Principals & Access Permissions
- How to Detect OAuth Access Token Theft in Azure
- How to deal with Ransomware on Azure
- How Orca found Server-Side Request Forgery (SSRF) Vulnerabilities in four different Azure Services
- Bounce the Ticket and Silver Iodide on Azure AD Kerberos
- List of all Microsoft Portals
- Azure Articles from NetSPI
- Azure Cheat Sheet on CloudSecDocs
- Resources about Azure from Cloudberry Engineering
- Resources from PayloadsAllTheThings
- Encyclopedia on Hacking the Cloud
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Lateral Movement from Azure to On-Prem AD
- Defense and Detection for Attacks Within Azure
- Attacking Azure & Azure AD, Part II
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Azure Application Proxy C2
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Azure AD - Attack and Defense Playbook
- Azure Security Resources and Notes
- Azure Threat Research Matrix
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Defense and Detection for Attacks Within Azure
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Abusing Azure AD SSO with the Primary Refresh Token
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- EmojiDeploy: Smile! Your Azure web service just got RCE’d
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Attacking Azure & Azure AD, Part II
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Attacking Azure & Azure AD, Part II
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Recovering Plaintext Passwords from Azure Virtual Machines like It’s the 1990s
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Azure Articles from NetSPI
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Privilege Escalation Vulnerability in Azure Functions
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
- Attacking Azure & Azure AD, Part II
- Defense and Detection for Attacks Within Azure
- Lateral Movement from Azure to On-Prem AD
-
Lab Exercises
- Building Free Active Directory Lab in Azure
- SANS Workshop – Building an Azure Pentest Lab for Red Teams - The link in the description contains a password-protected OVA file that can be used until 2nd March 2024
- azure-security-lab - Securing Azure Infrastructure - Hands on Lab Guide
- AzureSecurityLabs - Hands-on Security Labs focused on Azure IaaS Security
- Aria Cloud Penetration Testing Tools Container - A Docker container for remote penetration testing
- PurpleCloud - Multi-use Hybrid + Identity Cyber Range implementing a small Active Directory Domain in Azure alongside Azure AD and Azure Domain Services
- BlueCloud - Cyber Range system with a Windows VM for security testing with Azure and AWS Terraform support
- Azure Red Team Attack and Detect Workshop
-
Talks and Videos
- Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD
- Presentation Slides
- TR19: I'm in your cloud, reading everyone's emails - hacking Azure AD via Active Directory
- Presentation Slides
- Dirk Jan Mollema - Im In Your Cloud Pwning Your Azure Environment - DEF CON 27 Conference
- Presentation Slides
- Adventures in Azure Privilege Escalation Karl Fosaaen
- Presentation Slides
- Introducing ROADtools - Azure AD exploration for Red Teams and Blue Teams
-
Books
-
-
Tools
-
Enumeration
- Grayhat Warfare - Open Azure blobs and AWS bucket search
- o365creeper - Enumerate valid email addresses
- CloudBrute - Tool to find a cloud infrastructure of a company on top Cloud providers
- cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud
- Azucar - Security auditing tool for Azure environments
- CrowdStrike Reporting Tool for Azure (CRT) - Query Azure AD/O365 tenants for hard to find permissions and configuration settings
- ScoutSuite - Multi-cloud security auditing tool. Security posture assessment of different cloud environments.
- BlobHunter - A tool for scanning Azure blob storage accounts for publicly opened blobs
- Office 365 User Enumeration - Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1 or office.com login page
- CloudFox - Automating situational awareness for cloud penetration tests
- Monkey365 - Conduct Microsoft 365, Azure subscriptions and Azure Active Directory security configuration reviews
- Azure-AccessPermissions - PowerShell script to enumerate access permissions in an Azure AD environment
- Prowler - Perform AWS and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness
-
Information Gathering
- Get-MsolRolesAndMembers.ps1 - Retrieve list of roles and associated role members
- o365recon - Information gathering with valid credentials to Azure
- ROADtools - Framework to interact with Azure AD
- PowerZure - PowerShell framework to assess Azure security
- Azurite - Enumeration and reconnaissance activities in the Microsoft Azure Cloud
- Sparrow.ps1 - Helps to detect possible compromised accounts and applications in the Azure/M365 environment
- Hawk - Powershell based tool for gathering information related to O365 intrusions and potential breaches
- Microsoft Azure AD Assessment - Tooling for assessing an Azure AD tenant state and configuration
- Cloud Katana - Unlocking Serverless Computing to Assess Security Controls
- SCuBA M365 Security Baseline Assessment Tool - Automation to assess the state of your M365 tenant against CISA's baselines
-
Exploitation
- azuread_decrypt_msol_v2.ps1 - Decrypt Azure AD MSOL service account
- MicroBurst - A collection of scripts for assessing Microsoft Azure security
- Microsoft-Teams-GIFShell - Microsoft Teams can be leveraged by an attacker, to execute a reverse shell between an attacker and victim piped through malicious GIFs sent in Teams messages
- MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365)
- MSOLSpray.py - A Python version of the MSOLSpray password spraying tool for Microsoft Online accounts (Azure/O365)
- o365spray - Username enumeration and password spraying tool aimed at Microsoft O365
- MFASweep - A tool for checking if MFA is enabled on multiple Microsoft Services Resources
- adconnectdump - Dump Azure AD Connect credentials for Azure AD and Active Directory
-
Lateral Movement
- Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
- AzureADLateralMovement - Lateral Movement graph for Azure Active Directory
- SkyArk - Discover, assess and secure the most privileged entities in Azure and AWS
- omigood (OM I GOOD?) - Scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities
-
Categories
Sub Categories
Keywords
security
8
azure
7
cloud
5
aws
4
powershell
4
office365
4
cloud-security
4
azuread
3
security-tools
3
pentesting
3
python
2
penetration-testing
2
azure-active-directory
2
user-enumeration
2
o365
2
m365
2
gcp
2
infosec
2
hacking
2
powershell-module
2
dfir
2
dfir-automation
2
purpleteam
2
purview
1
microsoft365-compliance
1
microsoft365
1
cis-benchmark
1
compliance
1
devsecops
1
forensics
1
gdpr
1
hardening
1
exchangeonline
1
penetration-testing-tools
1
golang
1
auditing
1
osint
1
vultr
1
s3-bucket
1
redteam
1
pentest-tool
1
linode
1
google
1
digitalocean
1
cloud-storage
1
bugbounty
1
amazon
1
admins
1
attacker
1
privileges
1