Description |
1 online resource (xvii, 332 pages) : color illustrations |
Bibliography |
Includes bibliographical references and index. |
Contents |
Cover -- Title Page -- Dedicated -- Foreword -- Contributors -- Table of Contents -- Copyright and Credits -- Section 1: Understanding the Azure Platform and Architecture -- Chapter 1: Azure Platform and Architecture Overview -- Technical requirements -- The basics of Microsoft's Azure infrastructure -- Azure clouds and regions -- Azure resource management hierarchy -- An overview of Azure services -- Understanding the Azure RBAC structure -- Security principals -- Role definition -- Role assignment -- Accessing the Azure cloud -- Azure portal -- Azure CLI -- PowerShell -- Azure REST APIs |
|
Azure Resource Manager -- Summary -- Further reading -- Chapter 2: Building Your Own Environment -- Technical requirements -- Creating a new Azure tenant -- Hands-on exercise: Creating an Azure tenant -- Hands-on exercise: Creating an Azure admin account -- Deploying a pentest VM in Azure -- Hands-on exercise: Deploying your pentest VM -- Hands-on exercise: Installing WSL on your pentest VM -- Hands-on exercise: Installing the Azure and Azure AD PowerShell modules on your pentest VM -- Hands-on exercise: Installing the Azure CLI on your pentest VM (WSL) -- Azure penetration testing tools |
|
Subdomain takeovers -- Identifying vulnerabilities in public-facing services -- Configuration-related vulnerabilities -- Hands-on exercise -- identifying misconfigured blob containers using MicroBurst -- Patching-related vulnerabilities -- Code-related vulnerabilities -- Finding Azure credentials -- Guessing Azure AD credentials -- Introducing MSOLSpray -- Hands-on exercise -- guessing Azure Active Directory credentials using MSOLSpray -- Conditional Access policies -- Summary -- Further reading -- Section 2: Authenticated Access to Azure -- Chapter 4: Exploiting Reader Permissions |
|
Technical requirements -- Preparing for the Reader exploit scenarios -- Gathering an inventory of resources -- Introducing PowerZure -- Hands-on exercise -- gathering subscription access information with PowerZure -- Hands-on exercise -- enumerating subscription information with MicroBurst -- Reviewing common cleartext data stores -- Evaluating Azure Resource Manager (ARM) deployments -- Hands-on exercise -- hunting credentials in resource group deployments -- Exploiting App Service configurations -- Escalating privileges using a misconfigured service principal |
|
Hands-on exercise -- escalating privileges using a misconfigured service principal |
Summary |
Chapter 3: Finding Azure Services and Vulnerabilities -- Technical requirements -- Guidelines for Azure penetration testing -- Azure penetration test scopes -- Anonymous service identification -- Test at your own risk -- Azure public IP address ranges -- Hands-on exercise - parsing Azure public IP addresses using PowerShell -- Azure platform DNS suffixes -- Hands-on exercise - using MicroBurst to enumerate PaaS services -- Custom domains and IP ownership -- Introducing Cloud IP Checker -- Hands-on exercise - determining whether custom domain services are hosted in Azure. |
Subject |
Microsoft Azure (Computing platform)
|
|
Penetration testing (Computer security)
|
|
Computer networks -- Security measures.
|
|
Tests d'intrusion. |
|
Réseaux d'ordinateurs -- Sécurité -- Mesures. |
|
Microsoft Azure (Plateforme informatique) |
|
Microsoft Azure (Computing platform) |
|
Computer networks -- Security measures |
|
Penetration testing (Computer security) |
Added Author |
Fosaaen, Karl, author.
|
Other Form: |
Print version: Okeyode, David Penetration Testing Azure for Ethical Hackers Birmingham : Packt Publishing, Limited,c2021 |
ISBN |
9781839214707 (electronic bk.) |
|
1839214708 (electronic bk.) |
Standard No. |
9781839212932 |
|