You'll understand how hackers can attack resources hosted in the Azure and protect Azure infrastructure by identifying vulnerabilities, along with extending your pentesting tools and capabilities.
2. Agenda
• Overview of Azure Services
• Most common Azure Services that will be
attacked
• Azure Penetration Testing Tools
• Guidelines for Azure Penetration Testing
• Demo
3. Overview of Azure Services
Host applications
Store data for
applications
Create applications
Enhance
applications
Monitor or manage
application
4. Most common Azure Services that will be attacked
App Services Storage Accounts
Automation
Accounts
Virtual Machines
Key Vaults Azure SQL
Azure Container
Registry/ Azure
Container
Instances
5. Azure Penetration Testing Tools
Windows or Linux administration tools
• JQ,httpie,wget,curl,unzip , and PowerShell
General Penetration testing tools
• Gobuster,nmap,dnscan,and hydra
Azure-specific penetration testing tools
• Microbust,Lava,Koboko,PowerZure,Stormspotter nd BloodHound
14. Add the following names to the Notepad file. Save the file and close it:
Scripts
Templates
Archieve
2020
2019
2018
15.
16. Reference
• Penetration Testing Azure for Ethical
Hackers: Develop practical skills to perform
pentesting and risk assessment of
Microsoft Azure environments