The Azure penetration test helped the client identify and remediate multiple issues and misconfigurations, harden their infrastructure and calculate potential risks.
The team was tasked with performing a penetration test against an undisclosed client's Azure AD infrastructure, with initial access provided by the client. The assessment was conducted as a simulation of a malicious individual who already holds initial access to the client's cloud infrastructure.
The team was able to lay out and demonstrate an attack path against the client's Azure AD that could lead to full compromise.
The Attack Lifecycle
AzureHound, ROADRecon and custom cloud enumeration tools were used to assess objects, ACLs, and SSO-supporting applications within the environment.
SSO-supporting applications were manually reviewed to discover sensitive data leaks, authentication information, or insecure RBAC configurations.
The Confluence and Jira configurations were found to be insecure, and the team leveraged authentication information disclosed in setup scripts to obtain live build-node configurations containing API keys for third-party services.
Further sensitive authentication information was discovered in an accidental leak and used to authenticate to the Azure CLI as the identity of a monitoring solution, enabling command execution on production servers.
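The review of setup scripts and build-node configuration described above is, in practice, a secrets-scanning pass over text that was never meant to be readable by an attacker. The following is an added illustration for this page, not Tenendo's tooling: a small credential scanner that flags AWS access key IDs, JWTs and generic `key=value` credential assignments, suppresses placeholder values such as `${VAULT_DB_PASSWORD}` and `changeme`, and redacts every hit so the report itself does not become the next leak. The rule set, the entropy threshold and the sample bootstrap script are constructed for the example.

```python
"""Added example: a minimal credential scanner of the kind used while reviewing
Confluence/Jira setup scripts and build-node configuration for leaked
authentication material. Illustration only; rules and sample input are constructed."""
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    snippet: str  # redacted: the full secret never goes into a report or log


# Each pattern captures the candidate secret in group 1.
RULES = [
    ("aws_access_key_id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("jwt", re.compile(r"\b(eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,})\b")),
    # key=value style assignments; no leading \b so that FOO_PASSWORD= also matches
    ("generic_assignment", re.compile(
        r"(?i)(?:password|passwd|pwd|client[_-]?secret|secret|api[_-]?key|token)"
        r"\s*[:=]\s*['\"]?([^\s'\"]{8,})")),
]

# Values that look like secrets but are variable references or well-known defaults.
PLACEHOLDER = re.compile(
    r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$|^<[^>]+>$|^(?:changeme|password|example)$", re.I)


def shannon_entropy(value: str) -> float:
    """Bits per character; random keys score well above prose or placeholder text."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def redact(secret: str) -> str:
    """Keep just enough of the value to locate it in the source file."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 6) + secret[-2:]


def scan(text: str, min_entropy: float = 3.0) -> list[Finding]:
    """One Finding per (line, rule) hit; placeholders and low-entropy values are dropped."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            for match in pattern.finditer(line):
                candidate = match.group(1)
                if rule == "generic_assignment" and (
                    PLACEHOLDER.match(candidate) or shannon_entropy(candidate) < min_entropy
                ):
                    continue
                findings.append(Finding(line_no, rule, redact(candidate)))
    return findings


# Constructed sample of a node bootstrap script; none of these values are real credentials.
SAMPLE_SETUP_SCRIPT = """\
#!/bin/bash
# Confluence node bootstrap (constructed sample for this example)
export CONFLUENCE_DB_PASSWORD=${VAULT_DB_PASSWORD}
export JIRA_ADMIN_PASSWORD='Sup3r$ecretP@ss2023'
# Monitoring agent registration
AZURE_CLIENT_SECRET="q8Q~7xK2mP9vR4tL1nS6bH3dF0wZ5yC8jA2eG"
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJidWlsZCJ9.sflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" https://ci.example.invalid/api
password=changeme
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SETUP_SCRIPT):
        print(f"line {f.line_no:>3}  {f.rule:<20} {f.snippet}")
```

Run against the sample, the scanner reports the Jira admin password, the Azure client secret, the AWS key ID and the bearer JWT, and stays silent on the vault reference and the `changeme` default. The entropy gate is what keeps a rule as broad as `generic_assignment` usable on real build scripts; tune `min_entropy` downward only if the environment uses short, human-chosen secrets, and treat every hit as a credential to be rotated rather than just a line to be cleaned up.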
The cloud penetration test helped the client identify and remediate multiple issues with access control and sensitive information protections, harden their cloud and SaaS infrastructure and calculate potential risks. In addition, the testing process did not disrupt any of the company’s regular activities, nor the normal function of the production environment.
Tenendo specialists discovered an unattended staging environment and leveraged its vulnerabilities to disclose sensitive information. That information was later reused in an attack against the main application, which allowed access to the payment API on behalf of other customers of our client.
During this social engineering engagement, it was possible to achieve persistent internal access, exfiltrate confidential and personal information, and compromise the internal segmented infrastructure.