Back to directory
WRITEUP #1612

Azure security — Internal recon leveraging lack of access control

CloudAzure ADSecurity misconfigurationPrivilege escalation
byMolx32
Program
Microsoft (Azure)
Published
Feb 2, 2023
Added to HackDex
Apr 27, 2023
Read Full Writeuphttps://molx32.github.io/blog/2023/Azure-access-panel-lack-of-access-control/
RELATED WRITEUPS
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
CloudPrivilege escalation
UnOAuthorized: Privilege Elevation Through Microsoft Applications
CloudPrivilege escalation
Escalating Privileges in Google Cloud via Open Groups
CloudPrivilege escalation
ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
CloudPrivilege escalation

Built with ❤️ by Shubham Rawat