Mastering Azure Enumeration: Techniques for Unauthenticated and Authenticated Hacking

n00🔑
11 min readOct 16, 2024

Terminology-

  • Tenant — An instance of Azure AD and represents a single organization.
  • Azure AD Directory — Each tenant has a dedicated Directory. This is used to perform identity and access management functions for resources.
  • Subscriptions — It is used to pay for services. There can be multiple subscriptions in a Directory.
  • Core Domain — The initial domain name <tenant>.onmicrosoft.com is the core domain. It is possible to define custom domain names too.

Managed Identity(Similar to roles in AWS)-

  • Azure provides the ability to assign Managed Identities to resources like app services, function apps, virtual machines, etc.
  • Managed Identity uses Azure AD tokens to access other resources (like key vaults, and storage accounts) that support Azure AD authentication.
  • It is a service principal of a special type that can be used with Azure resources.
  • Managed Identity can be system-assigned (tied to a resource and cannot be shared with other resources) or user-assigned (independent life cycle and can be shared across resources).

Unauthenticated-

Tenant Information

https://login.microsoftonline.com/getuserrealm.srf?login=pswalia2u.onmicrosoft.com

Set-ExecutionPolicy bypass
Import-Module…

--

--