Penetration testing Azure for ethical hackers : develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments /

Chapter 3: Finding Azure Services and Vulnerabilities -- Technical requirements -- Guidelines for Azure penetration testing -- Azure penetration test scopes -- Anonymous service identification -- Test at your own risk -- Azure public IP address ranges -- Hands-on exercise - parsing Azure public IP a...

Bibliographic Details
Classification: Electronic Book
Main Authors: Okeyode, David (Author), Fosaaen, Karl (Author)
Format: Electronic eBook
Language: English
Published: Birmingham, UK : Packt, 2021.
Subjects:
Online Access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Cover
  • Title Page
  • Dedicated
  • Foreword
  • Contributors
  • Table of Contents
  • Copyright and Credits
  • Section 1: Understanding the Azure Platform and Architecture
  • Chapter 1: Azure Platform and Architecture Overview
  • Technical requirements
  • The basics of Microsoft's Azure infrastructure
  • Azure clouds and regions
  • Azure resource management hierarchy
  • An overview of Azure services
  • Understanding the Azure RBAC structure
  • Security principals
  • Role definition
  • Role assignment
  • Accessing the Azure cloud
  • Azure portal
  • Azure CLI
  • PowerShell
  • Azure REST APIs
  • Azure Resource Manager
  • Summary
  • Further reading
  • Chapter 2: Building Your Own Environment
  • Technical requirements
  • Creating a new Azure tenant
  • Hands-on exercise: Creating an Azure tenant
  • Hands-on exercise: Creating an Azure admin account
  • Deploying a pentest VM in Azure
  • Hands-on exercise: Deploying your pentest VM
  • Hands-on exercise: Installing WSL on your pentest VM
  • Hands-on exercise: Installing the Azure and Azure AD PowerShell modules on your pentest VM
  • Hands-on exercise: Installing the Azure CLI on your pentest VM (WSL)
  • Azure penetration testing tools
  • Subdomain takeovers
  • Identifying vulnerabilities in public-facing services
  • Configuration-related vulnerabilities
  • Hands-on exercise - identifying misconfigured blob containers using MicroBurst
  • Patching-related vulnerabilities
  • Code-related vulnerabilities
  • Finding Azure credentials
  • Guessing Azure AD credentials
  • Introducing MSOLSpray
  • Hands-on exercise - guessing Azure Active Directory credentials using MSOLSpray
  • Conditional Access policies
  • Summary
  • Further reading
  • Section 2: Authenticated Access to Azure
  • Chapter 4: Exploiting Reader Permissions
  • Technical requirements
  • Preparing for the Reader exploit scenarios
  • Gathering an inventory of resources
  • Introducing PowerZure
  • Hands-on exercise - gathering subscription access information with PowerZure
  • Hands-on exercise - enumerating subscription information with MicroBurst
  • Reviewing common cleartext data stores
  • Evaluating Azure Resource Manager (ARM) deployments
  • Hands-on exercise - hunting credentials in resource group deployments
  • Exploiting App Service configurations
  • Escalating privileges using a misconfigured service principal
  • Hands-on exercise - escalating privileges using a misconfigured service principal