Cheah Eng Soon, profile picture
Uploaded byCheah Eng Soon
PDF, PPTX752 views

Azure Penetration Testing

The document outlines an agenda for Azure penetration testing, covering an overview of Azure services, common attack targets, and various penetration testing tools. It includes guidelines for ethical hacking within Azure environments and emphasizes the importance of identifying vulnerabilities in public-facing services. The document also mentions specific tools for Azure penetration testing and offers a demo for practical skill development.

Embed presentation

Download as PDF, PPTX
Azure Penetration Testing Eng Soon Cheah Microsoft MVP
Agenda • Overview of Azure Services • Most common Azure Services that will be attacked • Azure Penetration Testing Tools • Guidelines for Azure Penetration Testing • Demo
Overview of Azure Services Host applications Store data for applications Create applications Enhance applications Monitor or manage application
Most common Azure Services that will be attacked App Services Storage Accounts Automation Accounts Virtual Machines Key Vaults Azure SQL Azure Container Registry/ Azure Container Instances
Azure Penetration Testing Tools Windows or Linux administration tools • JQ,httpie,wget,curl,unzip , and PowerShell General Penetration testing tools • Gobuster,nmap,dnscan,and hydra Azure-specific penetration testing tools • Microbust,Lava,Koboko,PowerZure,Stormspotter nd BloodHound
Azure Penetration Testing Scopes Anonymous external testing Read-only configuration review Internal network testing Architecture review
Demo Test at your own risk
Identifying vulnerabilities in public-facing services MicroBurst Virtual Machine with WSL
Add the following names to the Notepad file. Save the file and close it: Scripts Templates Archieve 2020 2019 2018
Reference • Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments

More Related Content

PPT
Application Security
byReggie Niccolo Santos
 
PPTX
Introduction to penetration testing
byNezar Alazzabi
 
PPTX
Ethical Hacking n VAPT presentation by Suvrat jain
bySuvrat Jain
 
PDF
Azure Penetration Testing
byCheah Eng Soon
 
PDF
Application Security - Your Success Depends on it
byWSO2
 
PDF
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
byAdar Weidman
 
PDF
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
PDF
20 common security vulnerabilities and misconfiguration in Azure
byCheah Eng Soon
 
Application Security
byReggie Niccolo Santos
 
Introduction to penetration testing
byNezar Alazzabi
 
Ethical Hacking n VAPT presentation by Suvrat jain
bySuvrat Jain
 
Azure Penetration Testing
byCheah Eng Soon
 
Application Security - Your Success Depends on it
byWSO2
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
byAdar Weidman
 
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
20 common security vulnerabilities and misconfiguration in Azure
byCheah Eng Soon
 

What's hot

PPTX
Static Analysis Security Testing for Dummies... and You
byKevin Fealey
 
PDF
Web Application Penetration Testing
byPriyanka Aash
 
PDF
Threat Modeling Everything
byAnne Oikarinen
 
PPTX
OWASP Top 10 2021 Presentation (Jul 2022)
byTzahiArabov
 
PPT
Pentesting Using Burp Suite
byjasonhaddix
 
PDF
Threat Modelling
byn|u - The Open Security Community
 
PPTX
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
PPTX
Threat Hunting with Splunk Hands-on
bySplunk
 
PPTX
Red Team Framework
byAdrian Sanabria
 
PDF
Threat Modeling Using STRIDE
byGirindro Pringgo Digdo
 
PPTX
HTTP HOST header attacks
byDefconRussia
 
PPTX
Azure security and Compliance
byKarina Matos
 
PPT
Web Application Security Testing
byMarco Morana
 
PPT
Penetration Testing Basics
byRick Wanner
 
PPTX
Azure key vault
byRahul Nath
 
PPTX
Azure Storage
byMustafa
 
PPTX
File upload vulnerabilities & mitigation
byOnwukike Chinedu. CISA, CEH, COBIT5 LI, CCNP
 
PDF
OWASP API Security Top 10 Examples
by42Crunch
 
PPTX
Web application security
byKapil Sharma
 
PDF
Pentesting Rest API's by :- Gaurang Bhatnagar
byOWASP Delhi
 
Static Analysis Security Testing for Dummies... and You
byKevin Fealey
 
Web Application Penetration Testing
byPriyanka Aash
 
Threat Modeling Everything
byAnne Oikarinen
 
OWASP Top 10 2021 Presentation (Jul 2022)
byTzahiArabov
 
Pentesting Using Burp Suite
byjasonhaddix
 
Threat Modelling
byn|u - The Open Security Community
 
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
Threat Hunting with Splunk Hands-on
bySplunk
 
Red Team Framework
byAdrian Sanabria
 
Threat Modeling Using STRIDE
byGirindro Pringgo Digdo
 
HTTP HOST header attacks
byDefconRussia
 
Azure security and Compliance
byKarina Matos
 
Web Application Security Testing
byMarco Morana
 
Penetration Testing Basics
byRick Wanner
 
Azure key vault
byRahul Nath
 
Azure Storage
byMustafa
 
File upload vulnerabilities & mitigation
byOnwukike Chinedu. CISA, CEH, COBIT5 LI, CCNP
 
OWASP API Security Top 10 Examples
by42Crunch
 
Web application security
byKapil Sharma
 
Pentesting Rest API's by :- Gaurang Bhatnagar
byOWASP Delhi
 

Similar to Azure Penetration Testing

PPTX
Azure Penetration Testing: The Ultimate Complete Guide
byQualysec Technologies - #1 Cybersecurity Company | Penetration Testing Services
 
PDF
DerbyCon 8 - Attacking Azure Environments with PowerShell
byKarl Fosaaen
 
PDF
Penetration Testing Services_ Comprehensive Guide 2024.pdf
byqualysectechnology98
 
PDF
BSides Portland - Attacking Azure Environments with PowerShell
byKarl Fosaaen
 
PPTX
WTF is Penetration Testing v.2
byScott Sutherland
 
PPTX
Market Trends in Microsoft Azure
byGlobalLogic Ukraine
 
PPTX
Assessing a pen tester: Making the right choice when choosing a third party P...
byJason Broz, CIPP/US
 
PPTX
web_application_penetration_testing.pptx
bynivicybersolutions
 
Azure Penetration Testing: The Ultimate Complete Guide
byQualysec Technologies - #1 Cybersecurity Company | Penetration Testing Services
 
DerbyCon 8 - Attacking Azure Environments with PowerShell
byKarl Fosaaen
 
Penetration Testing Services_ Comprehensive Guide 2024.pdf
byqualysectechnology98
 
BSides Portland - Attacking Azure Environments with PowerShell
byKarl Fosaaen
 
WTF is Penetration Testing v.2
byScott Sutherland
 
Market Trends in Microsoft Azure
byGlobalLogic Ukraine
 
Assessing a pen tester: Making the right choice when choosing a third party P...
byJason Broz, CIPP/US
 
web_application_penetration_testing.pptx
bynivicybersolutions
 

More from Cheah Eng Soon

PPTX
Microsoft Defender for Endpoint
byCheah Eng Soon
 
PPTX
Azure Active Directory - Secure and Govern
byCheah Eng Soon
 
PPTX
Microsoft Zero Trust
byCheah Eng Soon
 
PPTX
MEM for OnPrem Environments
byCheah Eng Soon
 
PPTX
Microsoft Threat Protection Automated Incident Response
byCheah Eng Soon
 
PPTX
Microsoft Threat Protection Automated Incident Response Demo
byCheah Eng Soon
 
PPTX
Microsoft Secure Score Demo
byCheah Eng Soon
 
PPTX
Microsoft Cloud App Security Demo
byCheah Eng Soon
 
PPTX
M365 Attack Simulation Demo
byCheah Eng Soon
 
PPTX
Cloud Security Demo
byCheah Eng Soon
 
PPTX
Azure Active Directory - External Identities Demo
byCheah Eng Soon
 
PPTX
Azure WAF
byCheah Eng Soon
 
PPTX
Azure Weekend 2020 Build Malaysia Bus Uncle Chatbot
byCheah Eng Soon
 
PPTX
Microsoft Azure的20大常见安全漏洞与配置错误
byCheah Eng Soon
 
PPTX
Integrate Microsoft Graph with Azure Bot Services
byCheah Eng Soon
 
PPTX
Azure Sentinel with Office 365
byCheah Eng Soon
 
PPTX
3 Steps Integrate Microsoft Graph with Azure Bot Services
byCheah Eng Soon
 
PDF
Data Science - The Most Profitable Movie Characteristic
byCheah Eng Soon
 
PPTX
Modernize your Security Operations with Azure Sentinel
byCheah Eng Soon
 
PPTX
Azure Sentinel
byCheah Eng Soon
 
Microsoft Defender for Endpoint
byCheah Eng Soon
 
Azure Active Directory - Secure and Govern
byCheah Eng Soon
 
Microsoft Zero Trust
byCheah Eng Soon
 
MEM for OnPrem Environments
byCheah Eng Soon
 
Microsoft Threat Protection Automated Incident Response
byCheah Eng Soon
 
Microsoft Threat Protection Automated Incident Response Demo
byCheah Eng Soon
 
Microsoft Secure Score Demo
byCheah Eng Soon
 
Microsoft Cloud App Security Demo
byCheah Eng Soon
 
M365 Attack Simulation Demo
byCheah Eng Soon
 
Cloud Security Demo
byCheah Eng Soon
 
Azure Active Directory - External Identities Demo
byCheah Eng Soon
 
Azure WAF
byCheah Eng Soon
 
Azure Weekend 2020 Build Malaysia Bus Uncle Chatbot
byCheah Eng Soon
 
Microsoft Azure的20大常见安全漏洞与配置错误
byCheah Eng Soon
 
Integrate Microsoft Graph with Azure Bot Services
byCheah Eng Soon
 
Azure Sentinel with Office 365
byCheah Eng Soon
 
3 Steps Integrate Microsoft Graph with Azure Bot Services
byCheah Eng Soon
 
Data Science - The Most Profitable Movie Characteristic
byCheah Eng Soon
 
Modernize your Security Operations with Azure Sentinel
byCheah Eng Soon
 
Azure Sentinel
byCheah Eng Soon
 

Recently uploaded

PDF
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
PDF
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
PDF
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
PDF
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
PDF
Why AI Girlfriends Are the Future of Digital Companionship
byAi Angels
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
PPTX
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
PDF
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PDF
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
PDF
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
PDF
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
PDF
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
Why AI Girlfriends Are the Future of Digital Companionship
byAi Angels
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 

Azure Penetration Testing

  • 1.
    Azure Penetration Testing EngSoon Cheah Microsoft MVP
  • 2.
    Agenda • Overview ofAzure Services • Most common Azure Services that will be attacked • Azure Penetration Testing Tools • Guidelines for Azure Penetration Testing • Demo
  • 3.
    Overview of AzureServices Host applications Store data for applications Create applications Enhance applications Monitor or manage application
  • 4.
    Most common AzureServices that will be attacked App Services Storage Accounts Automation Accounts Virtual Machines Key Vaults Azure SQL Azure Container Registry/ Azure Container Instances
  • 5.
    Azure Penetration TestingTools Windows or Linux administration tools • JQ,httpie,wget,curl,unzip , and PowerShell General Penetration testing tools • Gobuster,nmap,dnscan,and hydra Azure-specific penetration testing tools • Microbust,Lava,Koboko,PowerZure,Stormspotter nd BloodHound
  • 6.
    Azure Penetration TestingScopes Anonymous external testing Read-only configuration review Internal network testing Architecture review
  • 7.
  • 8.
    Identifying vulnerabilities in public-facingservices MicroBurst Virtual Machine with WSL
  • 14.
    Add the followingnames to the Notepad file. Save the file and close it: Scripts Templates Archieve 2020 2019 2018
  • 16.
    Reference • Penetration TestingAzure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments