Task 22, Day 16 Azure The Wareville’s Key Vault gre three sizes that day.

Might be the same drill as yesterday content-wise.

Azure Key Vault

Azure service that allows users to securely store and access secrets. Can be things like API Keys, certificates, passwords, cryptogrphic keys, etc. Created by vault owners that have full access and control over the vault, including being able to enable auditing so there is a record of who accessed what secrets and grant access to vault consumers.

Microsoft Entra ID

Identity and access management (IAM) service. Think AD for users and apps. AAD if you will…

Assumed Breach Scenario

Type of penetration testing setup where an initial access or foothold is provided, mimicking a scenario where the attacker already has access inside the internal network. The mindset is to assess how far an attacker can go from that initial access, including all possible attack paths that can branch out.

Heading into the lab.

Azure Cloud Shell

Browser-based CLI that provides a convenient and powerful way to manage Azure resources. Integrates both Bash and PowerShell environments, can execute scripts, manage Azure services, and run commands directly from the browser. Has built-in tools and pre-configged environements like Azure CLI, Azure PowerShell, and dev tools.

Azure CLI

Tool for managing and configuring Azure resources.
az ad signed-in-user show similar to whoami.

Entra ID Enumeration

List all users in the tenant: az ad user list
Azure CLI typically follows the syntax of az GROUP SUBGROUP ACTION OPTIONAL_PARAMETERS.
See available commands with az -h or az GROUP -h.
Can use filters, i.e. az ad user list --filter "startsWith('wvusr-', displayName)".

List all groups in the tenant: az ad group list
List members of group: az ad group member list --group "<Group_Name>"
Clear CLI session: az account clear
Log into CLI session: az login -u <Email> -p <Password>

Azure Role Assignments

Defines what resources each user or group can access. When a new user is created via Entra ID, it can’t access any resource by default due to lack of role. Administrators assign roles, privilege levels range from read-only to full-control. Group members can inherit roles from their group.
List roles: az role assignment list --assignee <user_or_group_ID> --all –assignee: list only assignments of particular group
–all: list all roles within the Azure subscription

Role Microsoft Definition Explanation
Key Vault Reader Read metadata of key vaults and its certificates, keys, and secrets. This role allows you to read the metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values like secret contents or key material.
Key Vault Secrets User Read secret contents. Only works for key vaults that use the ‘Azure role-based access control’ permissions model. Special role allows you to read the contents of a Key Secret Vault.

List accessible key vaults: az keyvault list
List secrets from key vault: az keyvault secret list --vault-name <vault_name>
Access contents of secret: az keyvault secret show --vault-name <vault-name> --name <name>

The Task

Collect info from assumed breach scenario.

Exploiting Active Directory.