Beginner Friendly
Unmask Privileged Access in Azure
Are you giving bad actors the key to your cloud?
Overview
We created this beginner-friendly lab to showcase how secrets can be unmasked both online and in managed systems, and how this can be leveraged to increase access laterally and vertically in an Azure environment. You'll get hands-on experience with ROADrecon, as well as enumerating and interacting with virtual machines and automation accounts.
Scenario
As part of our pre-engagement reconnaissance, several Mega Big Tech employee profiles on LinkedIn were reviewed. One of their new employees, Matteus Lundgren, posted recently about his new role and office space. This caught the eye, as there appeared to be a Post-It note on the wall that had later been obfuscated. You are tasked with gaining initial access and demonstrating impact by increasing privileges.
Lab prerequisites
- Basic Linux command line knowledge
Learning outcomes
- Reveal a password that is masked using the iOS Markup tool
- Azure situational awareness using the CLI and ROADrecon
- Identify and exploit Azure attack paths
- Abuse Entra ID to gain privileges
- Automation account enumeration and secret exfiltration
Real-world context
Exposing login credentials and sensitive information, whether online or in managed systems, poses serious security risks in the real world. Such practices can lead to unauthorized access, either by red teams or real threat actors. Secure handling of credentials and use of encrypted storage are crucial to mitigate these risks and safeguard against potential security breaches.