Page 5
Last updated
Last updated
Abuse services like Automation accounts, Key Vaults, Storage Accounts, Deployment History and more for horizontal and vertical privilege escalation in Azure.
Escalate privileges in Azure AD and Azure by abusing Custom roles.
Abuse permissions on other resources (like Ownership, ability to add application password and role assignments) to escalate privileges.
Abuse Custom Script Extension and RunCommand privileges to run commands as SYSTEM on Azure VMs.
Understand Dynamic Groups and abuse the membership rule to get membership of a dynamic group.
To mitigate the risks associated with the potential abuses outlined, organizations should adopt the following best practices:
Implement Strict Access Controls: Ensure that permissions are granted based on the principle of least privilege. Regularly review and audit permissions for all Azure resources.
Enable Multi-Factor Authentication (MFA): For all users, especially those with privileged access, enabling MFA adds an additional layer of security.
Monitor and Audit Activity Logs: Use Azure Monitor and Azure Security Center to keep track of user activities and detect unusual access patterns or modifications to resources.
Secure Management of Keys and Secrets: Utilize Azure Key Vault for the management of secrets, cryptographic keys, and certificates. Apply access policies and monitor access to the Key Vault.
Regularly Update and Patch Systems: Keep all systems, including virtual machines and applications running on Azure, updated and patched to protect against vulnerabilities.
Utilize Azure Policies for Compliance: Define and apply Azure policies to enforce security standards and compliance across your Azure environment.
By adhering to these security best practices, organizations can significantly reduce their attack surface and enhance their security posture in Azure.