BA 08 – Azure Access Token

An Azure access token is a JSON Web Token (JWT) issued by Entra ID upon successful authentication. The token carries information about the authenticated user or application, including its identity, assigned roles and permissions, and details about the authentication session. The key aspects to understand are token lifetime, token expiration, and the use of refresh tokens.

Token Lifetime: Azure access tokens have a limited lifetime, typically expressed in seconds. The default lifetime is one hour (3600 seconds). This means that once issued, the token remains valid for a specified duration, after which it expires.

Token Expiration: When an access token reaches its expiration time, it becomes invalid. This design helps enhance security by reducing the window of opportunity for an attacker to misuse a stolen or intercepted token. To continue accessing resources, a new token must be obtained through reauthentication.

Refresh Tokens: In scenarios where long-lived access to resources is needed without requiring the user to re-enter credentials, Entra ID issues refresh tokens. A refresh token has a longer lifespan than the access token and can be used to obtain a new access token without user interaction. It is crucial to protect refresh tokens as they represent persistent access to resources.

Token Revocation: Access tokens can be revoked before their expiration if needed. Revocation might occur due to security concerns, such as a compromised
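As an added example (not code from the original post), the following Python inspects the lifetime claims of a JWT the way a client would decide whether it still holds a usable access token or needs to refresh: it reads the `iat`, `nbf` and `exp` claims, computes the lifetime and remaining validity, and classifies the token. The sample token is constructed locally with a dummy signature segment; the 300-second refresh margin is an assumed client policy, not an Entra ID setting.

```python
import base64
import json

DEFAULT_LIFETIME_SECONDS = 3600   # Entra ID default access token lifetime (one hour)
REFRESH_MARGIN_SECONDS = 300      # assumed client policy: refresh 5 min before expiry


def _b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT without verifying the signature.
    Inspection only: a resource server must validate signature and issuer first."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def token_status(token: str, now: int) -> dict:
    """Classify a token at Unix time `now` from its iat/nbf/exp claims."""
    claims = decode_claims(token)
    exp = int(claims["exp"])                                   # expiry is mandatory
    iat = int(claims.get("iat", exp - DEFAULT_LIFETIME_SECONDS))
    nbf = int(claims.get("nbf", iat))                          # not-before defaults to issue time
    if now < nbf:
        state = "not_yet_valid"
    elif now >= exp:
        state = "expired"        # replace via refresh token or re-authentication
    elif exp - now <= REFRESH_MARGIN_SECONDS:
        state = "expiring_soon"  # still usable, but refresh now
    else:
        state = "valid"
    return {"state": state, "lifetime_seconds": exp - iat,
            "remaining_seconds": exp - now, "needs_refresh": state != "valid"}


def make_sample_token(claims: dict) -> str:
    """Build a CONSTRUCTED token with real JWT layout and a dummy signature segment."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    return f"{header}.{enc(claims)}.placeholder-signature"


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed issue time
    sample = make_sample_token({"iat": issued, "nbf": issued, "exp": issued + 3600})
    print(token_status(sample, issued + 3400))   # expiring_soon, 200 s left
```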

Published 05/05/2024, last updated 2024-05-12T23:34:07+03:00

BA 02 – Azure Portal

The Azure Portal is a web-based, unified console that provides an alternative to command-line tools for managing Azure resources. It offers a user-friendly interface where users can access and manage the various services and features that Azure provides. Through the Azure Portal, users can create, configure, and monitor their Azure resources in a visual environment, making it easier to understand and manage the cloud resources without needing deep technical knowledge or expertise in command-line tools.

Main Features

1. Dashboard Customisation: The Azure Portal allows users to customise their dashboard according to their preferences and needs. Users can add, remove, and rearrange tiles representing different resources and services to create a personalised view that gives them quick access to the things they use most often.
2. Resource Management: It provides tools for creating, configuring, managing, and monitoring virtually all Azure services. This includes virtual machines, web apps, databases, storage accounts, and many others. Users can easily start or stop services, adjust settings, and view the status of their resources.
3. Billing and Subscription Management: The portal offers detailed insights into billing and subscription details, allowing users to track their spending, set budgets, and estimate costs. This is crucial for managing cloud expenses effectively.
4. Access Control and Management: Azure Portal facilitates the management of access controls and policies for resources. It supports role-based access control

Published 11/03/2024, last updated 2024-04-27T15:52:36+03:00

BA 01 – Getting started with Azure

What is Azure

Azure is Microsoft’s cloud computing platform that provides a comprehensive suite of services to build, deploy, and manage various applications and solutions. It offers a wide range of cloud services, including computing power, storage, databases, networking, artificial intelligence (AI), analytics, and more. Azure enables organizations to leverage scalable and flexible cloud resources, reducing the need for on-premises infrastructure and allowing for greater agility in meeting business demands.

Key features of Azure include:

Global Presence: Azure has a vast network of data centers worldwide, allowing users to deploy applications and services close to their target audience for improved performance and compliance.

Scalability: Users can scale resources up or down based on demand, paying only for the resources they consume. This scalability is particularly beneficial for handling variable workloads.

Integration: Azure integrates seamlessly with Microsoft’s products and services, providing a cohesive environment for users familiar with Microsoft technologies.

Hybrid Capabilities: Azure supports hybrid cloud scenarios, allowing organizations to integrate on-premises data centers with cloud resources, providing flexibility and extending existing infrastructure investments.

Security and Compliance: Azure prioritizes security, offering advanced features such as identity management, encryption, and compliance certifications to ensure the protection of data and adherence to industry regulations.

AI

Published 11/03/2024, last updated 2024-04-27T15:52:19+03:00

BA 05 – Phishing Attacks

Phishing remains a prevalent vector for hackers seeking to infiltrate internal systems, and its tactics have evolved to align with the widespread adoption of cloud infrastructure. Traditionally effective, phishing attacks have seamlessly transitioned to exploit vulnerabilities within cloud environments, presenting a renewed challenge for cybersecurity. In this section, we will go through a comprehensive overview of cloud-specific phishing attacks. As organizations increasingly migrate their operations to the cloud, adversaries are quick to adapt, deploying deceptive tactics tailored to exploit the nuances of cloud platforms and internal infrastructure.

Microsoft Teams Abuse

Understanding the default configurations in Microsoft Teams is crucial to maintaining a secure collaboration environment. By default, Microsoft Teams allows open federation with all external Teams organizations. This means that users from different Azure tenants can communicate directly with your employees, exchanging messages and files.

This open federation setting poses potential security risks. Bad actors could exploit this feature to launch social engineering attacks, targeting unsuspecting users within your organization.

Additional Reading

• https://aadinternals.com/talks/Deep-dive%20to%20Teams%20internal%20APIs_v2.pdf
• https://aadinternals.com/talks/Commsverse%202021.pdf
• https://mrd0x.com/microsoft-teams-abuse/?no-cache=1
• https://posts.inthecyber.com/leveraging-microsoft-teams-for-initial-access-42beb07f12c4
• https://badoption.eu/blog/2024/01/12/teams5.html

Published 26/02/2024, last updated 2024-05-10T13:49:45+03:00

BA 04 – Anonymous Azure Services Enumeration

Azure Enumeration

Azure enumeration is the systematic process of gathering information about the Azure resources, configuration, permissions and Entra ID (formerly Azure AD) tenant of a specific Azure environment. There are two ways to enumerate Azure services: either as an authenticated Azure user or anonymously (without authentication). This section will primarily focus on external (anonymous) reconnaissance techniques. By analyzing this information, you can assess the security posture of Azure environments and identify potential entry points for further exploitation.

Below is a list of Azure services and their associated subdomain:

Microsoft has allocated a unique subdomain to each Azure service, and a new unique hostname under it is created whenever a service is set up. It is therefore possible to discover which kinds of services an organisation uses by guessing or brute-forcing its naming conventions.

Anonymous Azure Storage

Anonymous Azure Storage refers to an unsecured configuration within Microsoft Azure that allows public access to storage resources without the need for authentication or proper access controls. This misconfiguration can occur when storage accounts are set to allow anonymous access, making data and resources openly accessible to anyone on the internet. Essentially, it means that the storage containers and blobs can be retrieved without requiring valid credentials, leading to a significant security risk.

Published 26/02/2024, last updated 2024-05-25T19:59:01+03:00