Skip to content

The following scripts and programs are to help security professionals scope their organizations Azure footprint prior to penetration testing.

Notifications You must be signed in to change notification settings

swiftsolves-msft/AzurePenTestScope

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 

Repository files navigation

AzurePenTestScope

 

Avoid BlackBox testing when conducting a Azure Penetration Test against your applications or your organization.

 

The following scripts and programs are to help security professionals scope their organizations Azure footprint prior to penetration testing to avoid BlackBox testing scenarios that can lead to inadvertent cross organization creep in a multi tenant service like Azure.

If you are new to Azure Penetration testing please review the following Article, while Microsoft is permissive of pen testing types especially port scanning / fuzzing. If going beyond basics it is always best to notify Microsoft via Pen Test Form and wait for acknowledgment and approval before proceeding.

Finally I highly recommend checking out the book Pentesting Azure Applications by Matt Burrough. Within the chapters Matt goes into other concepts beyond just the network focusing on identity planes and authentication and authorization in Azure.

Please also see Azure Management Groups to gain Read level access across Azure Subscriptions current and future ones that need to be reported on.

Happy PenTesting !

About

The following scripts and programs are to help security professionals scope their organizations Azure footprint prior to penetration testing.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published