0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Penetration Testing Azure for Ethical Hackers

You're reading from Penetration Testing Azure for Ethical Hackers Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments

Product type Paperback

Published in Nov 2021

Publisher Packt

ISBN-13 9781839212932

Length 352 pages

Edition 1st Edition

Tools

Azure

Concepts

Penetration Testing

Authors (2):

David Okeyode

Karl Fosaaen

View More author details

Table of Contents (12) Chapters

Preface

1. Section 1: Understanding the Azure Platform and Architecture

2. Chapter 1: Azure Platform and Architecture Overview FREE CHAPTER

3. Chapter 2: Building Your Own Environment

4. Chapter 3: Finding Azure Services and Vulnerabilities

5. Section 2: Authenticated Access to Azure

6. Chapter 4: Exploiting Reader Permissions

7. Chapter 5: Exploiting Contributor Permissions on IaaS Services

8. Chapter 6: Exploiting Contributor Permissions on PaaS Services

9. Chapter 7: Exploiting Owner and Privileged Azure AD Role Permissions

10. Chapter 8: Persisting in Azure Environments

11. Other Books You May Enjoy

Chapter 4: Exploiting Reader Permissions

While the Reader role is not as heavily used in subscriptions as the Contributor or Owner roles, it does allow users to read basic information about the resources and configurations of the services. As an initial entry point into an environment, the Reader role may allow you to read sensitive information that could be used to pivot to more privileged roles.

The Reader role does not allow any modifications to services or resources, but it will allow an attacker to enumerate the attack surface area for the environment. This reason is frequently a driver for issuing Reader access to any Azure AD accounts that might be provisioned for use during an Azure penetration test.

For good reason, many organizations want to avoid giving a penetration tester mutating (Contributor or higher) access on a subscription during a penetration test. By issuing a Reader role account, the tester will gain insight that will help them identify misconfigurations...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (2)

David Okeyode

David Okeyode

David Okeyode is the EMEA chief technology officer for Azure at Palo Alto Networks. Before that, he was an independent consultant helping companies secure their Azure environments through private expert-level training and assessments. He has authored three books on Azure security – Penetration Testing Azure for Ethical Hackers, Microsoft Azure Security Technologies Certification and Beyond, and Designing and Implementing Microsoft Azure Networking Solutions. He has also authored multiple cloud computing courses for the popular training platform LinkedIn Learning. He holds over 15 cloud certifications across Azure and AWS platforms, including the Azure Security Engineer, Azure DevOps, and AWS Security Specialist certifications. David is married to a lovely girl who makes the best banana cake in the world. They love traveling the world together!

See other products by David Okeyode

Fosaaen

Fosaaen

As a Practice Director at NetSPI, Karl leads the Cloud Penetration Testing service line and oversees NetSPI's Portland, OR office. Karl holds a BS in Computer Science from the University of Minnesota and has over a decade of consulting experience in the computer security industry. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit on GitHub to house many of the PowerShell tools that he uses for testing Azure.

See other products by Fosaaen

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m