BlackSky: Cyclone | Basics | Azure | Walkthrough | 10 POINTS

IT MASTERMINDS

26 days ago

BlackSky: Cyclone
Introduction
Mega Multinational is a global leader in the Freight Logistics industry. They are not cloud native, but are looking to transition more infrastructure to Microsoft Azure, in order to mitigate the perceived risks of hosting their own infrastructure. They have enlisted your services to perform an “assume breach” assessment of their cloud infrastructure, using the external IP address and credentials provided.
Important Note: After connecting to the VPN, you will not be on the same network as the entry point IP address. Reverse shell and web call backs over the internet are not required for this lab.
Basics ----- Azure
email: username@megamultinational.com
Password:
github: github.com/BloodHoundAD/Azure...
❯ azurehound list -u "$USERNAME" -p "$PASSWORD" -t "$TENANT" -o "mytenant.json"
azurehound list -u "" -p "" -t "1e3500cc-d08f-42c8-8678-ce352b7de55e" -o "mytenant.json"
jq . mytenant.json | grep -i "Blacksky"
For those of you interested in learning Azure Security and Penetration Testing, here is my best list of shared and compiled resources:
Training
[Training - Slide Deck] Microsoft Security Training Path
A high-level resource provided by Microsoft; follow their training paths
query.prod.cms.rt.microsoft.c...
[Training - Live Sessions] [FREE] Microsoft Security Training Days
Explore free, in-depth training from Microsoft Learn to learn how to detect threats, help keep hybrid clouds secure, safeguard information, and manage your digital security needs
events.microsoft.com/en-us/mv...
[Training - Slide Deck] [FREE] Getting Started in Pentesting the Cloud: Azure
Beau Bullock’s guide to starting Azure Pentesting
www.blackhillsinfosec.com/wp-...
[Training] [Paid] Antisyphon Training - Breaching the Cloud with Beau Bullock
Walks through a complete penetration testing methodology of cloud-based infrastructure on AWS, Azure, and GCP
www.antisyphontraining.com/on...
www.antisyphontraining.com/li...
[Training] [Free tier + Paid] Cloud Academy - Azure
Database of learning paths, courses, quizzes, and labs for learning Microsoft Azure
cloudacademy.com/library/azure/
raw.githubusercontent.com/red...
Resources, Research & Reading
Labs
[Lab] [FREE] Microsoft Azure - Free Trial
Explore free Azure services. See which services offer free monthly amounts, and explore
azure.microsoft.com/en-us/pri...
[Lab] [FREE] Mandiant - Azure Red Team Attack and Detect Workshop
A vulnerable-by-design Azure lab containing 2 x attack paths with common misconfigurations
github.com/mandiant/Azure_Wor...
[Lab] [FREE] INE - AzureGoat
An intentionally vulnerable Azure infrastructure
github.com/ine-labs/AzureGoat
[Lab + Building] [FREE] Kamran Bilgrami - Ethical Hacking Lessons
Building Free Active Directory Lab in Azure
/ ethical-hacking-lesson...
[Lab] [Free tier] + [Paid] Pwnedlabs
Real-world, byte sized cloud security labs for training
pwnedlabs.io/
[Lab] [FREE] PurpleCloud
Terraform code generator to create different Azure security labs
github.com/iknowjason/PurpleC...
www.purplecloud.network/
[Lab] [FREE] Appsecco - Breaking and Pwning Apps and Servers on AWS and Azure
Free Training Courseware and Labs
github.com/appsecco/breaking-...
[Lab] [Paid] Hack the Box - Black Sky - Cyclone
Enterprise-only cloud penetration testing labs
www.hackthebox.com/business/p...
Azure Tools
[Tool] [FREE] Soteria - Azure Inspect
PowerShell script that automates the security assessment of Microsoft Azure environments
github.com/soteria-security/A...
[Tool + Install list] [FREE] Azure-Pentest-Toolkit
This repository contains a framework of curated Azure penetration testing tools
github.com/cr4ck3rj4ck5/Azure...
[Tool] [FREE] Azure - Stormspotter
Stormspotter creates an “attack graph” of the resources in an Azure subscription
github.com/Azure/Stormspotter
[Tool] [FREE] Hausec - PowerZure
Framework that can perform both reconnaissance and exploitation of Azure, AzureAD, and the associated resources
github.com/hausec/PowerZure
[Tool] [FREE] BloodHoundAD - AzureHound
The official tool for collecting Azure data for BloodHound and BloodHound Enterprise
github.com/BloodHoundAD/Azure...
