Penetration testing Azure for ethical hackers: develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments

Simulate real-world attacks using tactics, techniques, and procedures that adversaries use during cloud breaches

Key Features:
  • Understand the different Azure attack techniques and methodologies used by hackers
  • Find out how you can ensure end-to-end cybersecurity in the Azure ecosystem
  • Discover various t...


Bibliographic Details
Other Authors: Okeyode, David, author; Fosaaen, Karl, author
Format: E-book
Language: English
Published: Birmingham, UK : Packt, 2021.
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009644294106719
Table of Contents:
  • Cover
  • Title Page
  • Dedicated
  • Foreword
  • Contributors
  • Table of Contents
  • Copyright and Credits
  • Section 1: Understanding the Azure Platform and Architecture
  • Chapter 1: Azure Platform and Architecture Overview
  • Technical requirements
  • The basics of Microsoft's Azure infrastructure
  • Azure clouds and regions
  • Azure resource management hierarchy
  • An overview of Azure services
  • Understanding the Azure RBAC structure
  • Security principals
  • Role definition
  • Role assignment
  • Accessing the Azure cloud
  • Azure portal
  • Azure CLI
  • PowerShell
  • Azure REST APIs
  • Azure Resource Manager
  • Summary
  • Further reading
  • Chapter 2: Building Your Own Environment
  • Technical requirements
  • Creating a new Azure tenant
  • Hands-on exercise: Creating an Azure tenant
  • Hands-on exercise: Creating an Azure admin account
  • Deploying a pentest VM in Azure
  • Hands-on exercise: Deploying your pentest VM
  • Hands-on exercise: Installing WSL on your pentest VM
  • Hands-on exercise: Installing the Azure and Azure AD PowerShell modules on your pentest VM
  • Hands-on exercise: Installing the Azure CLI on your pentest VM (WSL)
  • Azure penetration testing tools
  • Subdomain takeovers
  • Identifying vulnerabilities in public-facing services
  • Configuration-related vulnerabilities
  • Hands-on exercise: identifying misconfigured blob containers using MicroBurst
  • Patching-related vulnerabilities
  • Code-related vulnerabilities
  • Finding Azure credentials
  • Guessing Azure AD credentials
  • Introducing MSOLSpray
  • Hands-on exercise: guessing Azure Active Directory credentials using MSOLSpray
  • Conditional Access policies
  • Summary
  • Further reading
  • Section 2: Authenticated Access to Azure
  • Chapter 4: Exploiting Reader Permissions
  • Technical requirements
  • Preparing for the Reader exploit scenarios
  • Gathering an inventory of resources
  • Introducing PowerZure
  • Hands-on exercise: gathering subscription access information with PowerZure
  • Hands-on exercise: enumerating subscription information with MicroBurst
  • Reviewing common cleartext data stores
  • Evaluating Azure Resource Manager (ARM) deployments
  • Hands-on exercise: hunting credentials in resource group deployments
  • Exploiting App Service configurations
  • Escalating privileges using a misconfigured service principal
  • Hands-on exercise: escalating privileges using a misconfigured service principal