DESCRIPTION
We recently performed an Azure Cloud Red Team Assessment where we were granted a basic reader role. In this talk we will be giving a detailed walkthrough of how we managed to perform enumeration over 2000+ Azure Services, 8000+ users, 3000+ Groups, 1500+ service principals, etc. with this minimal role.
This talk will help you understand how, even in an environment restricted by Azure policies and Conditional Access policies, we managed to gain privileged access on Azure services and on Azure AD components.
We will also show how we managed to become an Owner over 25+ Azure Subscriptions and how we became Global Admin by pivoting to on-prem servers through Function Apps, which allowed us to compromise the AAD Connect Sync user, and also how we were able to gain contributor access over a certain Azure DevOps organization.
WHY THE COMMITTEE CHOSE THIS TALK
Having a synced AD and cloud infrastructure is the most common configuration today. Yet this poses additional problems.