
Introduction

Welcome to Break The Cloud.

Here you will find resources (books, articles, tools, commands, attacks, defenses, etc.) to protect cloud environments. This website is a work in progress, so keep checking in every now and then. To contribute, please send a direct message via Twitter to @yaksas443.

Cloud Security Standards and Frameworks

Books

General cloud security

Azure security

AWS Security

Trainings

Azure

Articles

Azure

Title | Short Description
----- | -----------------
Attacking Azure, Azure AD, and Introducing PowerZure | A quick overview of Azure and introduction to PowerZure
Azure AD introduction for red teamers | Exploiting PHS
Azure AD Connect for Red Teamers | Exploiting PHS and PTA
Azure AD Pass The Certificate | Exploiting Azure P2P Certificates
Detecting privilege escalation with Azure AD service principals in Microsoft Sentinel | Talks about Azure service principal privilege escalation techniques and defenses.
Lateral Movement with Managed Identities of Azure Virtual Machines | Azure Managed Identities deep-dive and lateral movement to Key Vaults, Storage accounts and Azure VMs
What I have learned from doing a year of Cloud Forensics in Azure AD | Threat hunting in Azure and Microsoft 365
Exfiltrating data by transfering it to the cloud with Azcopy | Using Azure Storage accounts for data exfiltration
Everything about Service Principals, Applications, and API Permissions | As the title says.
Malicious Azure AD Application Registrations | Using Azure Apps to grab OAuth tokens via phishing
Azure SAS Tokens for Web Application Penetration Testers | Describes the anatomy of a Shared Access Signature (SAS) token and ways to exploit SAS tokens with weak permissions.
New Azure Active Directory password brute-forcing flaw has no fix | Describes exploiting an Azure AD feature (Autologon) to launch an undetected brute-force attack.
Illogical Apps – Exploring and Exploiting Azure Logic Apps | Exploiting Logic Apps and API Connections.

Talks and Videos

Azure

  • Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)
  • I’m in your cloud, reading everyone’s emails - hacking Azure AD via Active Directory
    • Summary: Talks about PHS and extracting AD Connect credentials (mcrypt.dll, registry, DPAPI, discovering the crypto parameters, decrypting with them and extracting the clear-text password). Using ADConnectDump (custom tool) to extract AD Connect credentials remotely. Running DCSync with the credentials of the AD sync account. Hunting Azure AD admins using the AAD PowerShell and MSOnline modules. Syncing an AAD account to an on-premises account using SMTP matching, and using this access to assign privileges to read a mailbox (fixed by MS, does not work anymore). Privilege escalation via the Azure Application Admin role and application permissions. Abusing Seamless SSO to compromise Azure AD if Active Directory is already compromised. Configuring constrained delegation on the Azure SSO account to let an attacker-controlled account impersonate any Azure AD user via Kerberos (if MFA is not enabled).

Blogs

Azure

Tools

Multi-cloud

Information Gathering

Azure

Information Gathering

Enumeration and Exploitation

Credential Attacks

Other Resources