Book Image

Penetration Testing Azure for Ethical Hackers

By : David Okeyode, Karl Fosaaen
Book Image

Penetration Testing Azure for Ethical Hackers

By: David Okeyode, Karl Fosaaen

Overview of this book

“If you’re looking for this book, you need it.” — 5* Amazon Review Curious about how safe Azure really is? Put your knowledge to work with this practical guide to penetration testing. This book offers a no-faff, hands-on approach to exploring Azure penetration testing methodologies, which will get up and running in no time with the help of real-world examples, scripts, and ready-to-use source code. As you learn about the Microsoft Azure platform and understand how hackers can attack resources hosted in the Azure cloud, you'll find out how to protect your environment by identifying vulnerabilities, along with extending your pentesting tools and capabilities. First, you’ll be taken through the prerequisites for pentesting Azure and shown how to set up a pentesting lab. You'll then simulate attacks on Azure assets such as web applications and virtual machines from anonymous and authenticated perspectives. In the later chapters, you'll learn about the opportunities for privilege escalation in Azure tenants and ways in which an attacker can create persistent access to an environment. By the end of this book, you'll be able to leverage your ethical hacking skills to identify and implement different tools and techniques to perform successful penetration tests on your own Azure infrastructure.

Related Content you might be interested in

Current Title:

Small book image
Penetration Testing Azure for Ethical Hackers
David Okeyode | Karl Fosaaen
Nov, 2021 | 352 pages
Small book image
Microsoft Azure Security Technologies Certification and Beyond
David Okeyode
Nov, 2021 | 526 pages
Small book image
Mastering Azure Security,
Mustafa Toroman | Tom Janetscheck
Apr, 2022 | 320 pages
Small book image
Hands-On Linux Administration on Azure,
Rithin Skaria | Kamesh Ganesan | Frederik Vos
Feb, 2020 | 508 pages
Table of Contents (12 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Download the example code files
Conventions used
Disclaimer
Get in touch
Share Your Thoughts
1
Section 1: Understanding the Azure Platform and Architecture
Section 1: Understanding the Azure Platform and Architecture
Free Chapter
2
Chapter 1: Azure Platform and Architecture Overview
Chapter 1: Azure Platform and Architecture Overview
Technical requirements
The basics of Microsoft's Azure infrastructure
An overview of Azure services
Understanding the Azure RBAC structure
Accessing the Azure cloud
Summary
Further reading
3
Chapter 2: Building Your Own Environment
Chapter 2: Building Your Own Environment
Technical requirements
Creating a new Azure tenant
Deploying a pentest VM in Azure
Azure penetration testing tools
Summary
4
Chapter 3: Finding Azure Services and Vulnerabilities
Chapter 3: Finding Azure Services and Vulnerabilities
Technical requirements
Guidelines for Azure penetration testing
Anonymous service identification
Identifying vulnerabilities in public-facing services
Finding Azure credentials
Summary
Further reading
5
Section 2: Authenticated Access to Azure
Section 2: Authenticated Access to Azure
6
Chapter 4: Exploiting Reader Permissions
Chapter 4: Exploiting Reader Permissions
Technical requirements
Preparing for the Reader exploit scenarios
Gathering an inventory of resources
Reviewing common cleartext data stores
Exploiting dynamic group memberships
Hands-on exercise – cleaning up the Owner exploit scenarios
Summary
Further reading
7
Chapter 5: Exploiting Contributor Permissions on IaaS Services
Chapter 5: Exploiting Contributor Permissions on IaaS Services
Technical requirements
Reviewing the Contributor RBAC role
Understanding Contributor IaaS escalation goals
Exploiting Azure platform features with Contributor rights
Extracting data from Azure VMs
Summary
Further reading
8
Chapter 6: Exploiting Contributor Permissions on PaaS Services
Chapter 6: Exploiting Contributor Permissions on PaaS Services
Preparing for Contributor (PaaS) exploit scenarios
Attacking storage accounts
Pillaging keys, secrets, and certificates from Key Vaults
Leveraging web apps for lateral movement and escalation
Extracting credentials from Automation Accounts
Summary
Further reading
9
Chapter 7: Exploiting Owner and Privileged Azure AD Role Permissions
Chapter 7: Exploiting Owner and Privileged Azure AD Role Permissions
Technical requirements
Escalating from Azure AD to Azure RBAC roles
Escalating from subscription Owner to Azure AD roles
Attacking on-premises systems to escalate in Azure
Summary
10
Chapter 8: Persisting in Azure Environments
Chapter 8: Persisting in Azure Environments
Understanding the goals of persistence
Persisting in an Azure subscription
Persisting in an Azure AD tenant
Summary
Further reading
Why subscribe?
11
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

An overview of Azure services

As we noted earlier in this chapter, there are over 200 services available in Azure. Even though this sounds like a lot of services, they can generally be grouped into five categories, outlined as follows:

  • Services that are used to host applications: These services provide a runtime environment that can be used to execute application code or run container images. Services such as Azure App Service, Azure Virtual Machine (Azure VM), and Azure Kubernetes Service (AKS) fall into this category. Organizations use them to host external and internal applications.
  • Services that are used to store data for applications: These services are used to store different kinds of application data. Services such as Storage accounts, Azure SQL, and Cosmos DB fall into this category.
  • Services that are used to create applications: These services are used to create workflows that run in the cloud. Services such as Logic Apps and Functions apps fall into this category.
  • Services that are used to enhance applications: These are typically Software-as-a-Service (SaaS)-type services in Azure that are used to provide extra capabilities to other applications. A service such as Azure Cognitive Services falls into this category. This is used by developers to add intelligence to their custom applications using pre-built and pre-trained machine learning algorithms.
  • Services that are used to monitor or manage applications: These are services that are used to manage or monitor other services or applications. Services such as Azure Automation, API Management, Application Insights, and Azure Monitor fall into this category. Additional security-focused services, such as Azure Sentinel and Azure Security Center, would also fall into this category. These services can also provide useful insights from a penetration-testing perspective.

As we progress through the book, we will touch on many services, but the core resources that are important to understand are outlined here.

This table outlines some of the most common Azure services that will be attacked in this book:

As you can see from the preceding information, Microsoft was very practical with the naming of Azure services. For the most part, the service names are based on what the service does. For example, the Azure service used for hosting VMs is called Virtual Machines. In contrast, the equivalent service in AWS would be Elastic Compute Cloud (EC2).

Important note

For anyone that is making the terminology transition from AWS to Azure, the following Microsoft document may be helpful for matching up any of the confusing service names: https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services.

For those more familiar with GCP, Microsoft also has some helpful documentation at https://docs.microsoft.com/en-us/azure/architecture/gcp-professional/services.

In Chapter 3, Finding Azure Services and Vulnerabilities, we will discuss how some of these services can be discovered anonymously using the Azure Domain Name System (DNS) naming structure. In the next section, we will review how access to Azure services is structured and managed using RBAC.

Previous Section
End of Section 4
Next Section