Skip to content

CyberSecurityUP/Awesome-Cloud-PenTest

Repository files navigation

Awesome-Cloud-PenTest

Cloud PenTest - AWS and Azure by Joas

What is AWS

Extras Resources

My Social Networks

What is Azure

PenTest Policy

PenTest in AWS

AWS Security

PenTest in Azure

  • Enumeration

  • o365creeper - Enumerate valid email addresses

  • CloudBrute - Tool to find a cloud infrastructure of a company on top Cloud providers

  • cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud

  • Azucar - Security auditing tool for Azure environments

  • CrowdStrike Reporting Tool for Azure (CRT) - Query Azure AD/O365 tenants for hard to find permissions and configuration settings

  • ScoutSuite - Multi-cloud security auditing tool. Security posture assessment of different cloud environments.

  • BlobHunter - A tool for scanning Azure blob storage accounts for publicly opened blobs

  • Grayhat Warfare - Open Azure blobs and AWS bucket search

  • Information Gathering

  • o365recon - Information gathering with valid credentials to Azure

  • Get-MsolRolesAndMembers.ps1 - Retrieve list of roles and associated role members

  • ROADtools - Framework to interact with Azure AD

  • PowerZure - PowerShell framework to assess Azure security

  • Azurite - Enumeration and reconnaissance activities in the Microsoft Azure Cloud

  • Sparrow.ps1 - Helps to detect possible compromised accounts and applications in the Azure/M365 environment

  • Hawk - Powershell based tool for gathering information related to O365 intrusions and potential breaches

  • Microsoft Azure AD Assessment - Tooling for assessing an Azure AD tenant state and configuration

  • Lateral Movement

  • Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects

  • AzureADLateralMovement - Lateral Movement graph for Azure Active Directory

  • SkyArk - Discover, assess and secure the most privileged entities in Azure and AWS

  • Exploitation

  • MicroBurst - A collection of scripts for assessing Microsoft Azure security

  • azuread_decrypt_msol_v2.ps1 - Decrypt Azure AD MSOL service account

  • Credential Attacks

    • MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365)
    • MFASweep - A tool for checking if MFA is enabled on multiple Microsoft Services Resources
    • adconnectdump - Dump Azure AD Connect credentials for Azure AD and Active Directory
  • Abusing Azure AD SSO with the Primary Refresh Token

  • Abusing dynamic groups in Azure AD for Privilege Escalation

  • Attacking Azure, Azure AD, and Introducing PowerZure

  • Attacking Azure & Azure AD, Part II

  • Azure AD Connect for Red Teamers

  • Azure AD Introduction for Red Teamers

  • Azure AD Pass The Certificate

  • Azure AD privilege escalation - Taking over default application permissions as Application Admin

  • Defense and Detection for Attacks Within Azure

  • Hunting Azure Admins for Vertical Escalation

  • Impersonating Office 365 Users With Mimikatz

  • Lateral Movement from Azure to On-Prem AD

  • Malicious Azure AD Application Registrations

  • Moving laterally between Azure AD joined machines

  • CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory

  • Privilege Escalation Vulnerability in Azure Functions

  • Azure Application Proxy C2

  • Recovering Plaintext Passwords from Azure Virtual Machines like It’s the 1990s

  • Azure Articles from NetSPI

  • Azure Cheat Sheet on CloudSecDocs

  • Resources about Azure from Cloudberry Engineering

  • Resources from PayloadsAllTheThings

  • Encyclopedia on Hacking the Cloud - (No content yet for Azure)

  • azure-security-lab - Securing Azure Infrastructure - Hands on Lab Guide

  • AzureSecurityLabs - Hands-on Security Labs focused on Azure IaaS Security

  • Building Free Active Directory Lab in Azure

  • https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md

  • https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/security/fundamentals/pen-testing.md

  • https://github.com/swiftsolves-msft/AzurePenTestScope

Azure Security

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published