Penetration testing Azure for ethical hackers : develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments /
Chapter 3: Finding Azure Services and Vulnerabilities -- Technical requirements -- Guidelines for Azure penetration testing -- Azure penetration test scopes -- Anonymous service identification -- Test at your own risk -- Azure public IP address ranges -- Hands-on exercise - parsing Azure public IP a...
Classification: | Electronic Book |
---|---|
Main authors: | , |
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham, UK : Packt, 2021. |
Subjects: | |
Online access: | Full text (requires prior registration with institutional email) |
Table of Contents:
- Cover
- Title Page
- Dedicated
- Foreword
- Contributors
- Table of Contents
- Copyright and Credits
- Section 1: Understanding the Azure Platform and Architecture
- Chapter 1: Azure Platform and Architecture Overview
- Technical requirements
- The basics of Microsoft's Azure infrastructure
- Azure clouds and regions
- Azure resource management hierarchy
- An overview of Azure services
- Understanding the Azure RBAC structure
- Security principals
- Role definition
- Role assignment
- Accessing the Azure cloud
- Azure portal
- Azure CLI
- PowerShell
- Azure REST APIs
- Azure Resource Manager
- Summary
- Further reading
- Chapter 2: Building Your Own Environment
- Technical requirements
- Creating a new Azure tenant
- Hands-on exercise: Creating an Azure tenant
- Hands-on exercise: Creating an Azure admin account
- Deploying a pentest VM in Azure
- Hands-on exercise: Deploying your pentest VM
- Hands-on exercise: Installing WSL on your pentest VM
- Hands-on exercise: Installing the Azure and Azure AD PowerShell modules on your pentest VM
- Hands-on exercise: Installing the Azure CLI on your pentest VM (WSL)
- Azure penetration testing tools
- Subdomain takeovers
- Identifying vulnerabilities in public-facing services
- Configuration-related vulnerabilities
- Hands-on exercise - identifying misconfigured blob containers using MicroBurst
- Patching-related vulnerabilities
- Code-related vulnerabilities
- Finding Azure credentials
- Guessing Azure AD credentials
- Introducing MSOLSpray
- Hands-on exercise - guessing Azure Active Directory credentials using MSOLSpray
- Conditional Access policies
- Summary
- Further reading
- Section 2: Authenticated Access to Azure
- Chapter 4: Exploiting Reader Permissions
- Technical requirements
- Preparing for the Reader exploit scenarios
- Gathering an inventory of resources
- Introducing PowerZure
- Hands-on exercise - gathering subscription access information with PowerZure
- Hands-on exercise - enumerating subscription information with MicroBurst
- Reviewing common cleartext data stores
- Evaluating Azure Resource Manager (ARM) deployments
- Hands-on exercise - hunting credentials in resource group deployments
- Exploiting App Service configurations
- Escalating privileges using a misconfigured service principal
- Hands-on exercise - escalating privileges using a misconfigured service principal