| title | Azure Cloud |
|---|---|
| sidebar | mydoc_sidebar |
| permalink | azure_cloud.html |
| folder | mydoc |
{% include links.html %}
- Azure Security Vulnerabilities and Pentesting
- Cloud basics for pen testers, red teamers, (and defenders)
- Kamranicus - Securing Secrets Using Azure Key Vault and Config Encryption
- Security Pitfalls in Microsoft Azure Function Apps
- Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure
- Automatic Azure AD User Account Enumeration with PowerShell
- Azure AD Connect for Red Teamers
- I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Directory
- Azure AD privilege escalation - Taking over default application permissions as Application Admin
- Attacking Azure AD to expose sensitive accounts and assets
- Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part I)
- Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part II)
- Azure Privilege Escalation via Cloud Shell
- Attacking Azure Container Registries with Compromised Credentials
- Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability
- Introducing the Office 365 Attack Toolkit
- Azure serious vulnerability caused by configuration error
- Gathering Bearer Tokens from Azure Services
- BlackDirect: Microsoft Azure Account Takeover
- Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials
- Full public read access Azure blob storage
- Decrypting Azure VM Extension Settings with Get-AzureVMExtensionSettings
- Azure Privilege Escalation Using Managed Identities
- Azure Subdomain Takeover
- Attacking Azure with Custom Script Extensions
- Maintaining Azure Persistence via Automation Accounts
- Using Azure Automation Accounts to Access Key Vaults
- Azure Security Basics: Log Analytics, Security Center, and Sentinel
- PRIVILEGE ESCALATION IN AZURE AD
- Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
- How We Escaped Docker in Azure Functions
- Hackers as Cloud Customers
- Security checklist for cloud workload protection
- Azure AD - Attack and Defense Playbook
- Best practices for monitoring Microsoft Azure platform logs
- Royal Flush: Privilege Escalation Vulnerability in Azure Functions
- AZURE APPLICATION PROXY C2
- Azure Storage Security: Attacking & Auditing
- The False Oracle — Azure Functions Padding Oracle Issue
- How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps
- Post Exploitation
- azucar: Security auditing tool for Azure environments
- cs-suite: One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
- onedrive_user_enum: enumerate valid onedrive users
Defensive
- Azure Policy Compliance Scan: With the Azure Policy Compliance Scan action, you can now easily trigger a on demand scan from your GitHub workflow on one or multiple resources, resource groups or subscriptions, and continue/fail the workflow based on the compliance state of resources.