caon.io

Azure

Azure Edge takeover

https://onetrick.io/2019/09/28/subdomain-takeover-for-azure-cdn/

Active Directory recon

az ad sp show --id <client_id>

Sometimes ADs are configured as multi-tenant, allowing anyone to log in to private tenants.
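A defender's audit for the multi-tenant setting noted above, as an added example that is not part of the original page: it flags app registrations whose signInAudience accepts accounts from outside the home tenant. The sample JSON is constructed and assumed to match the shape of `az ad app list --all` output; the `intended_multi_tenant` allowlist is a hypothetical parameter.

```python
import json

# Constructed sample shaped like `az ad app list --all` output (fields trimmed;
# every ID, name and URL below is made up).
SAMPLE_APPS = json.loads("""
[
  {"appId": "11111111-1111-1111-1111-111111111111", "displayName": "intranet-wiki",
   "signInAudience": "AzureADMultipleOrgs",
   "web": {"redirectUris": ["https://wiki.example.com/signin-oidc"]}},
  {"appId": "22222222-2222-2222-2222-222222222222", "displayName": "payroll",
   "signInAudience": "AzureADMyOrg",
   "web": {"redirectUris": ["https://payroll.example.com/auth"]}},
  {"appId": "33333333-3333-3333-3333-333333333333", "displayName": "partner-portal",
   "signInAudience": "AzureADandPersonalMicrosoftAccount", "web": null}
]
""")

# signInAudience values that accept accounts from outside the home tenant.
EXTERNAL_AUDIENCES = {
    "AzureADMultipleOrgs": "any Entra ID tenant",
    "AzureADandPersonalMicrosoftAccount": "any tenant and personal accounts",
    "PersonalMicrosoftAccount": "personal Microsoft accounts",
}

def audit_sign_in_audience(apps, intended_multi_tenant=()):
    """Return one finding per app that accepts external sign-ins unintentionally."""
    findings = []
    for app in apps:
        audience = app.get("signInAudience")
        if audience not in EXTERNAL_AUDIENCES:
            continue  # AzureADMyOrg: home tenant only
        if app["appId"] in intended_multi_tenant:
            continue  # reviewed and meant to be shared
        web = app.get("web") or {}  # "web" may be null in the CLI output
        findings.append({
            "appId": app["appId"],
            "name": app.get("displayName"),
            "accepts": EXTERNAL_AUDIENCES[audience],
            "redirectUris": web.get("redirectUris", []),
            # Fix for apps meant to be internal only.
            "fix": f"az ad app update --id {app['appId']} --sign-in-audience AzureADMyOrg",
        })
    return findings

if __name__ == "__main__":
    for finding in audit_sign_in_audience(SAMPLE_APPS):
        print(json.dumps(finding, indent=2))
```

Apps that must stay multi-tenant belong in the allowlist and need their own check of the token's tenant ID, since the audience setting alone admits any tenant.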

Cloud enum

https://github.com/initstring/cloud_enum

Azure services by domain

https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-domains

Recon

TREVORspray (https://github.com/blacklanternsecurity/TREVORspray) can be used to perform recon on assets that use Azure tenants:

trevorspray --recon evilcorp.com