Abusing Azure Arc for lateral movement
What is Azure Arc?
According to Microsoft, Azure Arc is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multi-cloud environments.
In simple terms, Azure Arc is designed to let you manage resources hosted on-premises, in other public clouds (AWS, GCP, Alibaba, etc.) and on edge devices (IoT) from the Azure Portal.
Currently, the following resource types hosted outside of Azure are supported:
- Physical and Virtual Windows and Linux Servers
- Kubernetes Clusters
- Azure data services (SQL Managed Instance and PostgreSQL Hyperscale)
- SQL Server
- VMware vSphere or Azure Stack HCI
Why Azure Arc?
The benefits of using Azure Arc are the following:
- Centralized platform (Azure) to manage all resources (Azure, on-premises and multi-cloud)
- Deploy policies and maintain compliance and governance
- Utilize Azure Security Center
- Patch management
- Azure Monitor — Forward event viewer logs to your SIEM
- Utilize RBAC, tagging and identity policies
- Use automation such as extensions, which let you install applications that provide post-deployment configuration
- There's no cost to start. You pay only for policies and other Azure services that are attached (e.g. Azure Defender or Azure Monitor).
How to onboard on-premises or multi-cloud resources?
Onboarding is very simple, whether you want to onboard one server or several.
From the Azure Portal, search for Azure Arc:
On the left-hand side, under Infrastructure, click Servers and then Add:
For the purpose of the demo, we are going to onboard