Cloud Penetration Testing for Red Teamers

Product type: Book
Published in: Nov 2023
Publisher: Packt
ISBN-13: 9781803248486
Pages: 298 pages
Edition: 1st Edition
Author (1): Kim Crawley

Table of Contents (20 Chapters)

  Preface
  1. Part 1: Today’s Cloud Networks and Their Security Implications
  2. Chapter 1: How Do Enterprises Utilize and Implement Cloud Networks?
  3. Chapter 2: How Are Cloud Networks Cyber Attacked?
  4. Chapter 3: Key Concepts for Pentesting Today’s Cloud Networks
  5. Part 2: Pentesting AWS
  6. Chapter 4: Security Features in AWS
  7. Chapter 5: Pentesting AWS Features through Serverless Applications and Tools
  8. Chapter 6: Pentesting Containerized Applications in AWS
  9. Part 3: Pentesting Microsoft Azure
  10. Chapter 7: Security Features in Azure
  11. Chapter 8: Pentesting Azure Features through Serverless Applications and Tools
  12. Chapter 9: Pentesting Containerized Applications in Azure
  13. Part 4: Pentesting GCP
  14. Chapter 10: Security Features in GCP
  15. Chapter 11: Pentesting GCP Features through Serverless Applications and Tools
  16. Chapter 12: Pentesting Containerized Applications in GCP
  17. Chapter 13: Best Practices and Summary
  18. Index
  19. Other Books You May Enjoy

Pentesting Azure Features through Serverless Applications and Tools

In the last chapter, we looked at the various SaaS, PaaS, and IaaS services Azure has to offer.

Now, it’s time to actually practice some vulnerability scanning and pentesting in your very own Azure deployment! This will be fun and educational. If you have gone through Chapter 5, Pentesting AWS Features through Serverless Applications and Tools, we’re going to be doing the same kind of work in this chapter, but in Azure.

This chapter features a step-by-step guide to using Azure’s own first-party security tools to check security configurations and conduct vulnerability assessments. The featured tools are Microsoft Defender for Cloud and Azure Firewall Manager. After that, we will learn how to configure the most popular third-party Azure pentesting tools. The featured tools are Prowler, MFASweep, and ScoutSuite. Lastly, we’ll have a look at the pentesting tutorials to find credentials...

Technical requirements

We will be working with Microsoft’s infrastructure. Massive Azure data centers will be doing the bulk of the computer processing work for the exercises in this chapter. So, fortunately, you don’t need to have a top-of-the-line workstation. You will need the following:

  • A web browser
  • A desktop or laptop PC
  • An Android or iPhone smartphone
  • A good, reliable internet connection

Check out the following video to view the Code in Action: https://bit.ly/3rUulqT

Setting up an Azure instance

Anyone can set up their own Microsoft Azure account, and many Azure services are free of charge. I strongly recommend deploying your own Azure instance and practicing vulnerability scanning and pentesting there before you do paid work for a client. And chances are that your Azure test deployment is simpler than the Azure network the organization you work for operates!

Thanks to the magic of the cloud and the fact that the computer processing, data storage, and bandwidth are on Microsoft’s infrastructure, you don’t need a powerful workstation to try the exercises I will demonstrate in this chapter. A typical desktop or laptop PC with Windows, macOS, or Linux, a working internet connection, and a modern web browser will do.

First, open your web browser and go to Microsoft’s guide to free Azure services (https://azure.microsoft.com/en-ca/free). Here are most of the Azure services that are...

Setting up an Azure account

Everything you need to do to launch your first Azure instance to practice your pentesting skills can be done from your web browser. Here’s how:

  1. While you’re on the Azure free services web page (https://azure.microsoft.com/en-ca/free), click on the green Start free button:
Figure 8.1 – Azure free account creation page

You’ll be taken to a screen to sign in to a Microsoft account. If you use Windows 10 or Windows 11 at home, chances are you already have a Microsoft account. You can choose to use your existing Microsoft account, create a new Microsoft account (which you may do even if you already have another Microsoft account), or sign in with your GitHub credentials if you have them.

I decided to use a Microsoft account that I already have. I’m cautious when it comes to cybersecurity, so I already had multi-factor authentication (MFA) set up on my Android phone with Microsoft...

Using Azure Cloud Shell and PowerShell

Wherever you are in the web interface for managing your Azure services (the URL in your address bar should say portal.azure.com), as long as you’re logged in, there will be a blue menu bar at the top. To the right of the search bar, there’s an icon that looks like a command prompt (something like this: >_):

Figure 8.4 – Azure menu bar and Cloud Shell

Click on it to launch Azure Cloud Shell. In Azure Cloud Shell, you can switch back and forth between PowerShell and Bash at the drop-down menu in the top-left corner. You may have to choose Create storage the first time you launch Cloud Shell:

Figure 8.5 – Azure Cloud Shell screen

You’ll find some Bash commands in Chapter 5, Pentesting AWS Features through Serverless Applications and Tools. We will be using Bash when installing and executing the tools in this chapter. But let’s review some useful...

Azure native security tools

Here’s what’s built into Azure that can help you with security.

Microsoft Defender

Microsoft Defender for Cloud is an important application for checking your security posture in Azure. It will give you security recommendations based on your current configuration and let you know about some of the security vulnerabilities you have. This is information that you can use in your pentest report.

Let’s open Microsoft Defender and see what we can learn about how secure our Azure deployment is:

  1. To execute the application, first, make sure that you’re logged in to your Azure account in your web browser. Visit portal.azure.com. You should then see this screen.
  2. Next, at the blue menu bar at the top, enter Defender in the search bar. A link to Microsoft Defender for Cloud should populate. Click on it.

    You may need to add Microsoft Defender for Cloud as a paid service. If you haven’t signed up for it already, there...

Azure pentesting tools

In the previous chapter, I listed several different third-party applications that you can use when you pentest Azure.

Everything that I’ll demonstrate here is permitted under Microsoft’s policies, as long as you’re either conducting these activities in your own Azure instance or you have permission from the owner of the Azure instance you’re working with to conduct vulnerability scanning and pentesting there.

But I believe there’s no such thing as being too cautious. So, I’m linking to Microsoft’s policies again (https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement). Please read and understand those policies so that you can abide by them, whether or not the Azure instance you’re working in is yours, because ultimately, you’re still working in Microsoft’s infrastructure either way!

Prowler

In the AWS section (Chapter 5), we found Prowler to be a very useful vulnerability...

Exploiting Azure applications

Now, let’s run some security tests with the tools we’ve installed.

Prowler

First, let’s run a default Prowler scan in Azure. The default scan is an effective general vulnerability assessment. Follow these steps:

  1. Launch Azure Cloud Shell and make sure you’re using Bash. At the top left of the Azure Cloud Shell display, there’s a drop-down menu to switch back and forth between PowerShell and Bash. There you go!
  2. I like to just make sure that Prowler is installed properly before I commence a scan. Check the version of Prowler you have with this command:
    prowler -v
  3. Next, let’s see which security checks you can run with Prowler in Azure with this command:
    prowler azure --list-checks
  4. Now, let’s run some of the checks that were listed as a response to the previous command. Make sure --az-cli-auth is at the end of your prowler azure command so that you can execute it with the necessary permissions...
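Once a scan has finished, the raw findings still need to be turned into something a pentest report can use. The script below is an added example, not code from the book or from the Prowler project: it reads a Prowler JSON report, keeps only the FAIL results, orders them by severity, and produces summary counts and one line per finding. The field names (Status, Severity, CheckID, ServiceName, StatusExtended) are assumed to match Prowler's per-finding JSON output, and the check ids and values in the sample are constructed.

```python
"""Turn a Prowler JSON report into the FAIL findings a pentest report needs.

Added example, not code from the book or from the Prowler project. Field names
(Status, Severity, CheckID, ServiceName, StatusExtended) are assumed to match
Prowler's per-finding JSON output; the check ids and values below are constructed.
"""
import json
from collections import Counter

# Constructed sample; a real report is the JSON file Prowler writes after
# `prowler azure --az-cli-auth` (with JSON output enabled).
SAMPLE_REPORT = json.dumps([
    {"Provider": "azure", "CheckID": "storage_secure_transfer_required", "ServiceName": "storage",
     "Status": "FAIL", "Severity": "medium",
     "StatusExtended": "Storage account sampleacct does not require HTTPS."},
    {"Provider": "azure", "CheckID": "defender_plan_storage_enabled", "ServiceName": "defender",
     "Status": "FAIL", "Severity": "high",
     "StatusExtended": "Defender plan for Storage is off in subscription sub-placeholder."},
    {"Provider": "azure", "CheckID": "iam_no_custom_owner_roles", "ServiceName": "iam",
     "Status": "PASS", "Severity": "high",
     "StatusExtended": "No custom owner roles found."},
])

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "informational": 4}

def load_findings(report_text):
    """Parse Prowler JSON output, which is a list of finding objects."""
    data = json.loads(report_text)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of findings")
    return data

def failed_findings(findings):
    """Keep only FAIL results, worst severity first, then by check id."""
    fails = [f for f in findings if f.get("Status") == "FAIL"]
    return sorted(fails, key=lambda f: (SEVERITY_ORDER.get(f.get("Severity", "").lower(), 99),
                                        f.get("CheckID", "")))

def severity_counts(findings):
    """Count failed checks per severity for the report's executive summary."""
    return Counter(f.get("Severity", "unknown").lower() for f in failed_findings(findings))

def report_lines(findings):
    """One line per failed check, ready for the findings table of the report."""
    return [f"[{f['Severity'].upper()}] {f['ServiceName']}/{f['CheckID']}: {f['StatusExtended']}"
            for f in failed_findings(findings)]

if __name__ == "__main__":
    findings = load_findings(SAMPLE_REPORT)
    print(dict(severity_counts(findings)))
    print("\n".join(report_lines(findings)))
```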

Summary

There are a number of handy tools you can use to check your security posture in Azure, run vulnerability scans, and conduct simple pentests. All of the information you can acquire from these tools can be useful to include in your pentest report.

Microsoft Defender for Cloud is your main security posture hub. It provides security recommendations, security alerts, attack path analysis, troubleshooters, and security configuration information. Azure Firewall Manager is also built in. Azure Firewall helps to allow and deny activity in your Azure instance. You definitely want to deny activity that could help a cyber threat actor!

The Azure Cloud Shell CLI can be executed in your web browser while you’re logged in to Azure’s web application. We can install and run third-party pentesting tools from Azure Cloud Shell.

Prowler is just as useful for pentesting Azure as it is for pentesting AWS.

MFASweep is specifically for Azure. It’s the most effective...

Further reading

To learn more about the topics covered in this chapter, you can visit the following links:
