Learn Like a Baby - analysing Azure for Hunting 1 - What's our Attack surface?

raja mani

1 - What's Azure AD?

Provides authentication to cloud applications and any developed application.

Can manage OnPrem AD.

Can be configured with external Identity.

2 - What are the differences between on-prem and cloud?

No GPO in cloud

There is a TenantId instead of domains and forests.

Trusted users from other organizations appear as guests.

Protocols changed

3 - What's Azure AD Connect?

Provides synchronization between on-prem and cloud.

In a hybrid environment, Azure AD manages the domain controllers on-prem. We can integrate on-prem and cloud.

How does integration happen?

  • Password Hash Synchronisation → synchronises the user account and the hash of the password.
  • ADFS → Azure AD federates authentication via on-prem by redirection. Allows users to access resources across multiple organizations or domains.
  • Pass-Through Authentication → The user signs in to Azure AD with the same credentials as on-prem, but the username and password are sent encrypted to on-prem.
  • Single Sign-On → Allows users to access applications and systems connected to a single organization. For example, SSO can allow employees to access business applications like HR functions and financial records with one login credential. SSO works by redirecting users to their identity provider (IdP) for authentication, generating a token that confirms the user's identity, and sending the token back to the application.

4 - Azure AD Roles vs Azure Roles

The four fundamental roles of Azure are:

Owner

– Full rights to change the resource and to change the access control to grant permissions to other users.

Contributor

– Full rights to change the resource, but not able to change the access control.

Reader

– Read-only access to the resource.

User Access Administrator

– No access to the resource except the ability to change the access control.

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?WT.mc_id=modinfra-28824
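For hunting, the assignments worth reviewing first are those whose role can change access control (Owner and User Access Administrator, per the list above) and those held by guest accounts. The following Python check is an added example, not code from the original post; field names follow the JSON printed by `az role assignment list`, and the sample data, tenant names and subscription id are constructed.

```python
import json

# Roles the page describes as able to change access control.
CAN_GRANT_ACCESS = {"Owner", "User Access Administrator"}
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed id

# Constructed sample, shaped like `az role assignment list --all -o json`.
SAMPLE = json.loads("""[
 {"principalName": "alice@contoso.example", "roleDefinitionName": "Owner",
  "scope": "%(s)s"},
 {"principalName": "bob_partner.example#EXT#@contoso.onmicrosoft.com",
  "roleDefinitionName": "Contributor", "scope": "%(s)s/resourceGroups/rg-app"},
 {"principalName": "carol@contoso.example", "roleDefinitionName": "Reader",
  "scope": "%(s)s/resourceGroups/rg-app"},
 {"principalName": "dave_vendor.example#EXT#@contoso.onmicrosoft.com",
  "roleDefinitionName": "User Access Administrator", "scope": "/"}
]""" % {"s": SUB})

def is_guest(upn):
    # B2B guest accounts carry "#EXT#" in their user principal name.
    return "#EXT#" in (upn or "").upper()

def scope_level(scope):
    # Assignments are inherited downward, so a higher level reaches more.
    parts = [p for p in scope.lower().split("/") if p]
    if not parts:
        return "root"
    if parts[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "management group"
    if parts[0] == "subscriptions" and len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource group"
    return "resource"

def review(assignments):
    """Return (principal, role, scope level, reasons) for entries to review."""
    findings = []
    for a in assignments:
        name, role = a.get("principalName", ""), a.get("roleDefinitionName", "")
        reasons = []
        if role in CAN_GRANT_ACCESS:
            reasons.append("can change access control")
        if is_guest(name) and role != "Reader":
            reasons.append("guest with more than read-only access")
        if reasons:
            findings.append((name, role, scope_level(a.get("scope", "")), reasons))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```
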

The Azure AD roles include:

Global administrator

– the highest level of access, including the ability to grant administrator access to other users and to reset other administrators' passwords.

User administrator

– can create and manage users and groups, and can reset passwords for users, Helpdesk administrators and User administrators.

Helpdesk administrator

– can change the password for users who don’t have an administrator role and they can invalidate refresh tokens, which forces users to sign back in again.

Billing Administrator

– can make purchases and manage subscriptions.

https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference?WT.mc_id=modinfra-28824-socuff

TOTAL MINDMAP

5 - Protection

Access control Policies + Identity Protection
