
Penetration testing Azure for ethical hackers : develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments / David Okeyode, Karl Fosaaen.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Okeyode, David, author.
Fosaaen, Karl, author.
Language:
English
Subjects (All):
Microsoft Azure (Computing platform).
Penetration testing (Computer security).
Computer networks--Security measures.
Computer networks.
Physical Description:
1 online resource (352 p.)
Place of Publication:
Birmingham, UK : Packt, 2021.
Summary:
Simulate real-world attacks using tactics, techniques, and procedures that adversaries use during cloud breaches

Key Features:
Understand the different Azure attack techniques and methodologies used by hackers
Find out how you can ensure end-to-end cybersecurity in the Azure ecosystem
Discover various tools and techniques to perform successful penetration tests on your Azure infrastructure

Book Description:
Security professionals working with Azure will be able to put their knowledge to work with this practical guide to penetration testing. The book provides a hands-on approach to exploring Azure penetration testing methodologies that will help you get up and running in no time with the help of a variety of real-world examples, scripts, and ready-to-use source code.

As you learn about the Microsoft Azure platform and understand how hackers can attack resources hosted in the Azure cloud, you'll find out how to protect your environment by identifying vulnerabilities, along with extending your pentesting tools and capabilities. This book starts by taking you through the prerequisites for pentesting Azure and shows you how to set up a pentesting lab. You'll then simulate attacks on Azure assets such as web applications and virtual machines from anonymous and authenticated perspectives. Finally, you'll learn about the opportunities for privilege escalation in Azure tenants and ways in which an attacker can create persistent access to an environment.

By the end of this book, you'll be able to leverage your ethical hacking skills to identify and implement different tools and techniques to perform successful penetration tests on your own Azure infrastructure.

What You Will Learn:
Identify how administrators misconfigure Azure services, leaving them open to exploitation
Understand how to detect cloud infrastructure, service, and application misconfigurations
Explore processes and techniques for exploiting common Azure security issues
Use on-premises networks to pivot and escalate access within Azure
Diagnose gaps and weaknesses in Azure security implementations
Understand how attackers can escalate privileges in Azure AD

Who this book is for:
This book is for new and experienced infosec enthusiasts who want to learn how to simulate real-world Azure attacks using tactics, techniques, and procedures (TTPs) that adversaries use in cloud breaches. Any technology professional working with the Azure platform (including Azure administrators, developers, and DevOps engineers) interested in learning how attackers exploit vulnerabilities in Azure hosted infrastructure, applications, and services will find this book useful.
Contents:
Cover
Title Page
Dedicated
Foreword
Contributors
Table of Contents
Copyright and Credits
Section 1: Understanding the Azure Platform and Architecture
Chapter 1: Azure Platform and Architecture Overview
Technical requirements
The basics of Microsoft's Azure infrastructure
Azure clouds and regions
Azure resource management hierarchy
An overview of Azure services
Understanding the Azure RBAC structure
Security principals
Role definition
Role assignment
Accessing the Azure cloud
Azure portal
Azure CLI
PowerShell
Azure REST APIs
Azure Resource Manager
Summary
Further reading
Chapter 2: Building Your Own Environment
Creating a new Azure tenant
Hands-on exercise: Creating an Azure tenant
Hands-on exercise: Creating an Azure admin account
Deploying a pentest VM in Azure
Hands-on exercise: Deploying your pentest VM
Hands-on exercise: Installing WSL on your pentest VM
Hands-on exercise: Installing the Azure and Azure AD PowerShell modules on your pentest VM
Hands-on exercise: Installing the Azure CLI on your pentest VM (WSL)
Azure penetration testing tools
Subdomain takeovers
Identifying vulnerabilities in public-facing services
Configuration-related vulnerabilities
Hands-on exercise: identifying misconfigured blob containers using MicroBurst
Patching-related vulnerabilities
Code-related vulnerabilities
Finding Azure credentials
Guessing Azure AD credentials
Introducing MSOLSpray
guessing Azure Active Directory credentials using MSOLSpray
Conditional Access policies
Section 2: Authenticated Access to Azure
Chapter 4: Exploiting Reader Permissions
Technical requirements
Preparing for the Reader exploit scenarios
Gathering an inventory of resources
Introducing PowerZure
gathering subscription access information with PowerZure
enumerating subscription information with MicroBurst
Reviewing common cleartext data stores
Evaluating Azure Resource Manager (ARM) deployments
hunting credentials in resource group deployments
Exploiting App Service configurations
Escalating privileges using a misconfigured service principal
Hands-on exercise: escalating privileges using a misconfigured service principal
Notes:
OCLC-licensed vendor bibliographic record.
ISBN:
9781839212932
1839212934
OCLC:
1288626909
Publisher Number:
9781839212932
