Skip to content

conma293/Azure

Repository files navigation

CARTP



  • Module 1
    • Introduction to Azure
    • Discovery and Recon of services and applications
    • Azure AD Enumeration
    • Initial Access Attacks (Enterprise Apps, App Services, Function Apps, Insecure Storage, Phishing, Consent Grant Attacks)
  • Module 2
    • Enumeration of Azure Services (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment History and more)
    • Privilege Escalation (RBAC roles, Azure AD Roles, Across subscriptions, Custom Roles, Resource Ownership, Dynamic Groups etc.
  • Module 3
    • Lateral Movement (Pass the PRT, Pass the Certificate, Runbooks, Abusing CI/CD pipeline, Application Proxy, Hybrid Identity and more for Across Tenant, cloud to on prem, on prem to cloud lateral movement)
    • Persistence techniques (Abuse of Hybrid Identity, persistence on Azure resources, Golden SAML, Skeleton key in the cloud and more)
  • Module 4
    • Data Mining
    • Defenses, Monitoring and Auditing (CAP, PIM, Microsoft Defender for Cloud, JIT, Identity Protection, CAE, MFA, MTPs, Azure Sentinel)
    • Bypassing Defenses****

Other Resources

Active Directory

CRTP Resources

Repos

Tools


Offensive Security


External links

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages