Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments
- Length: 352 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2021-11-25
- ISBN-10: 1839212934
- ISBN-13: 9781839212932
- Sales Rank: #55169 (See Top 100 Books)
Simulate real-world attacks using tactics, techniques, and procedures that adversaries use during cloud breaches
Key Features
- Understand the different Azure attack techniques and methodologies used by hackers
- Find out how you can ensure end-to-end cybersecurity in the Azure ecosystem
- Discover various tools and techniques to perform successful penetration tests on your Azure infrastructure
Book Description
Security professionals working with Azure will be able to put their knowledge to work with this practical guide to penetration testing. The book provides a hands-on approach to exploring Azure penetration testing methodologies that will help you get up and running in no time with the help of a variety of real-world examples, scripts, and ready-to-use source code.
As you learn about the Microsoft Azure platform and understand how hackers can attack resources hosted in the Azure cloud, you’ll find out how to protect your environment by identifying vulnerabilities, along with extending your pentesting tools and capabilities. This book starts by taking you through the prerequisites for pentesting Azure and shows you how to set up a pentesting lab. You’ll then simulate attacks on Azure assets such as web applications and virtual machines from anonymous and authenticated perspectives. Finally, you’ll learn about the opportunities for privilege escalation in Azure tenants and ways in which an attacker can create persistent access to an environment.
By the end of this book, you’ll be able to leverage your ethical hacking skills to identify and implement different tools and techniques to perform successful penetration tests on your own Azure infrastructure.
What you will learn
- Identify how administrators misconfigure Azure services, leaving them open to exploitation
- Understand how to detect cloud infrastructure, service, and application misconfigurations
- Explore processes and techniques for exploiting common Azure security issues
- Use on-premises networks to pivot and escalate access within Azure
- Diagnose gaps and weaknesses in Azure security implementations
- Understand how attackers can escalate privileges in Azure AD
Who this book is for
This book is for new and experienced infosec enthusiasts who want to learn how to simulate real-world Azure attacks using tactics, techniques, and procedures (TTPs) that adversaries use in cloud breaches. Any technology professional working with the Azure platform (including Azure administrators, developers, and DevOps engineers) interested in learning how attackers exploit vulnerabilities in Azure hosted infrastructure, applications, and services will find this book useful.
Table of Contents
- Azure Platform and Architecture Overview
- Building Your Own Environment
- Finding Azure Services and Vulnerabilities
- Exploiting Reader Permissions
- Exploiting Contributor Permissions on IaaS Services
- Exploiting Contributor Permissions on PaaS Services
- Exploiting Owner and Privileged Azure AD Role Permissions
- Persisting in Azure Environments
Penetration Testing Azure for Ethical Hackers Foreword Contributors About the authors About the reviewers Preface Who this book is for What this book covers To get the most out of this book Download the color images Download the example code files Conventions used Disclaimer Get in touch Share Your Thoughts Section 1: Understanding the Azure Platform and Architecture Chapter 1: Azure Platform and Architecture Overview Technical requirements The basics of Microsoft's Azure infrastructure Azure clouds and regions Azure resource management hierarchy An overview of Azure services Understanding the Azure RBAC structure Security principals Role definition Role assignment Accessing the Azure cloud Azure portal Azure CLI PowerShell Azure REST APIs Azure Resource Manager Summary Further reading Chapter 2: Building Your Own Environment Technical requirements Creating a new Azure tenant Hands-on exercise: Creating an Azure tenant Hands-on exercise: Creating an Azure admin account Deploying a pentest VM in Azure Hands-on exercise: Deploying your pentest VM Hands-on exercise: Installing WSL on your pentest VM Hands-on exercise: Installing the Azure and Azure AD PowerShell modules on your pentest VM Hands-on exercise: Installing the Azure CLI on your pentest VM (WSL) Azure penetration testing tools Summary Chapter 3: Finding Azure Services and Vulnerabilities Technical requirements Guidelines for Azure penetration testing Azure penetration test scopes Anonymous service identification Test at your own risk Azure public IP address ranges Hands-on exercise – parsing Azure public IP addresses using PowerShell Azure platform DNS suffixes Hands-on exercise – using MicroBurst to enumerate PaaS services Custom domains and IP ownership Introducing Cloud IP Checker Hands-on exercise – determining whether custom domain services are hosted in Azure Subdomain takeovers Identifying vulnerabilities in public-facing services Configuration-related vulnerabilities Hands-on exercise – identifying misconfigured blob containers using MicroBurst Patching-related vulnerabilities Code-related vulnerabilities Finding Azure credentials Guessing Azure AD credentials Introducing MSOLSpray Hands-on exercise – guessing Azure Active Directory credentials using MSOLSpray Conditional Access policies Summary Further reading Section 2: Authenticated Access to Azure Chapter 4: Exploiting Reader Permissions Technical requirements Preparing for the Reader exploit scenarios Gathering an inventory of resources Introducing PowerZure Hands-on exercise – gathering subscription access information with PowerZure Hands-on exercise – enumerating subscription information with MicroBurst Reviewing common cleartext data stores Evaluating Azure Resource Manager (ARM) deployments Hands-on exercise – hunting credentials in resource group deployments Exploiting App Service configurations Escalating privileges using a misconfigured service principal Hands-on exercise – escalating privileges using a misconfigured service principal Reviewing ACR Hands-on exercise – hunting for credentials in the container registry Exploiting dynamic group memberships Hands-on exercise – cleaning up the Owner exploit scenarios Summary Further reading Chapter 5: Exploiting Contributor Permissions on IaaS Services Technical requirements Reviewing the Contributor RBAC role Hands-on exercise – preparing for the Contributor (IaaS) exploit scenarios Understanding Contributor IaaS escalation goals Local credential hunting Domain credential hunting Lateral network movement opportunities Tenant credential hunting Exploiting Azure platform features with Contributor rights Exploiting the password reset feature Hands-on exercise – exploiting the password reset feature to create a local administrative user Exploiting the Run Command feature Hands-on exercise – exploiting privileged VM resources using Lava Executing VM extensions Extracting data from Azure VMs Gathering local credentials with Mimikatz Gathering credentials from the VM extension settings Exploiting the Disk Export and Snapshot Export features Hands-on exercise – exfiltrating VM disks using PowerZure Hands-on exercise – cleaning up the Contributor (IaaS) exploit scenarios Summary Further reading Chapter 6: Exploiting Contributor Permissions on PaaS Services Preparing for Contributor (PaaS) exploit scenarios Attacking storage accounts Hands-on exercise – Dumping Azure storage keys using MicroBurst Attacking Cloud Shell storage files Hands-on exercise – Escalating privileges using the Cloud Shell account Pillaging keys, secrets, and certificates from Key Vaults Hands-on exercise – exfiltrate secrets, keys, and certificates in Key Vault Leveraging web apps for lateral movement and escalation Hands-on exercise – Extracting credentials from App Service Lateral movement, escalation, and persistence in App Service Extracting credentials from Automation Accounts Automation Account credential extraction overview Hands-on exercise – Creating a Run as account in the test Automation account Hands-on exercise – Extracting stored passwords and certificates from Automation accounts Hands-on exercise – Cleaning up the Contributor (PaaS) exploit scenarios Summary Further reading Chapter 7: Exploiting Owner and Privileged Azure AD Role Permissions Technical requirements Escalating from Azure AD to Azure RBAC roles Path 1 – Exploiting group membership Path 2 – Resetting user passwords Path 3 – Exploiting service principal secrets Path 4 – Elevating access to the root management group Hands-on exercise – Preparing for the Global Administrator/Owner exploit scenarios Hands-on exercise – Elevating access Escalating from subscription Owner to Azure AD roles Path 1 – Exploiting privileged service principals Path 2 – Exploiting service principals' API permissions Attacking on-premises systems to escalate in Azure Identifying connections to on-premises networks Identifying domain escalation paths Automating the identification of escalation paths Tools for pivoting along escalation paths General tips for post domain escalation and lateral movement Hands-on exercise – Cleaning up the Owner exploit scenarios Summary Chapter 8: Persisting in Azure Environments Understanding the goals of persistence Plan on getting caught Have multiple channels ready Use long-term and short-term channels Have multiple persistence options at multiple levels Persisting in an Azure subscription Stealing credentials from a system Hands-on exercise – stealing and reusing tokens from an authenticated Azure admin system Maintaining persistence with virtual machines Maintaining persistence with Automation accounts Maintaining persistence to PaaS services Persisting in an Azure AD tenant Creating a backdoor identity Modifying existing identities Granting privileged access to an identity Bypassing security policies to allow access Summary Further reading Why subscribe? Other Books You May Enjoy Packt is searching for authors like you Share Your Thoughts
Donate to keep this site alive
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search the book title: Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments
, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.