We recently performed an Azure Cloud Red Team Assessment where we were granted a basic reader role. In this talk we will be giving a detailed walkthrough of how we managed to perform enumeration over 2000+ Azure Services, 8000+ users, 3000+ Groups, 1500+ service principals, etc. with this minimal role.
This talk will help you understand even with restricted environment due to Azure policies and Conditional access polices how we managed to gain privileged access on Azure services and on Azure AD components.
We will also show how we managed to become an Owner over 25+ Azure Subscriptions and how we become Global Admin by pivoting to On-prem servers through Function Apps.
More: confidence-con...