This is the code repository for Penetration Testing Azure for Ethical Hackers, published by Packt.
Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments
Security professionals working with Azure will be able to put their knowledge to work with this practical guide to penetration testing. The book provides a hands-on approach to exploring Azure penetration testing methodologies that will help you get up and running in no time with the help of a variety of real-world examples, scripts, and ready-to-use source code.
This book covers the following exciting features:
- Identify how administrators misconfigure Azure services, leaving them open to exploitation
- Understand how to detect cloud infrastructure, service, and application misconfigurations
- Explore processes and techniques for exploiting common Azure security issues
- Use on-premises networks to pivot and escalate access within Azure
- Diagnose gaps and weaknesses in Azure security implementations Understand how attackers can escalate privileges in Azure AD
If you feel this book is for you, get your copy today!
All of the code is organized into folders. For example, Chapter02.
The code will look like the following:
{
''assignableScopes'': [
''/''
],
Following is what you need for this book: This book is for new and experienced infosec enthusiasts who want to learn how to simulate real-world Azure attacks using tactics, techniques, and procedures (TTPs) that adversaries use in cloud breaches. Any technology professional working with the Azure platform (including Azure administrators, developers, and DevOps engineers) interested in learning how attackers exploit vulnerabilities in Azure hosted infrastructure, applications, and services will find this book useful.
With the following software and hardware list you can run all code files present in the book (Chapter 1-8).
| Chapter | Software required | OS required |
|---|---|---|
| 1-8 | Azure Subscription | Windows, Mac OS X, and Linux (Any) |
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. Click here to download it.
David Okeyode is a cloud security architect at the Prisma cloud speedboat at Palo Alto Networks. Before that, he was an independent consultant helping companies to secure their cloud environments through private expert-level training and assessments. He holds 15 professional certifications across Azure and AWS platforms.
David has over a decade of experience in Cybersecurity (consultancy, design, implementation). He has worked with organizations from startups to major enterprises and he regularly speaks on cloud security at major industry events like Microsoft Future Decoded and the European Information Security Summit.
David is married to a lovely girl who makes the best banana cake in the world and they love traveling the world together!
Karl Fosaaen As a Practice Director at NetSPI, Karl leads the Cloud Penetration Testing service line and oversees NetSPI’s Portland, OR office. Karl holds a BS in Computer Science from the University of Minnesota and has over a decade of consulting experience in the computer security industry. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit on GitHub to house many of the PowerShell tools that he uses for testing Azure.