ioc[.]one - OSINT Cyber Threat Intelligence Database

Azure Privilege Escalation Via Service Principal

Tags

attack-pattern:

Data Direct Model Credentials - T1589.001 Hardware - T1592.001 Powershell - T1059.001 Software - T1592.002 Vulnerabilities - T1588.006 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	b88f2070-c4db-4358-9efd-f7b5ed8873f7
Fingerprint	bc7baf092f716765
Analysis status	DONE
Considered CTI value	0
Text language
Published	April 24, 2023, 2:11 p.m.
Added to db	April 24, 2023, 4:47 p.m.
Last updated	Nov. 17, 2024, 9:49 a.m.
Headline	Azure Privilege Escalation Via Service Principal
Title	Azure Privilege Escalation Via Service Principal
Detected Hints/Tags/Attributes	38/1/15

Source URLs

	Redirection	Url
Details	Redirection	https://infosecwriteups.com/azure-privilege-escalation-via-service-principal-ae12fd79374c?gi=27ce974f9ddc&source=rss----7b722bfd1b8d---4
Details	Source	https://infosecwriteups.com/azure-privilege-escalation-via-service-principal-ae12fd79374c?gi=67db1b4fd6f9&source=rss----7b722bfd1b8d---4
Details	Redirection	https://infosecwriteups.com/azure-privilege-escalation-via-service-principal-ae12fd79374c?gi=ba00b92147b0&source=rss----7b722bfd1b8d---4
Details	Source	https://infosecwriteups.com/azure-privilege-escalation-via-service-principal-ae12fd79374c?gi=e038ecfa56e1&source=rss----7b722bfd1b8d---4
Details	Redirection	https://infosecwriteups.com/azure-privilege-escalation-via-service-principal-ae12fd79374c?gi=e6717df95ca5&source=rss----7b722bfd1b8d---4
Details	Redirection	https://infosecwriteups.com/azure-privilege-escalation-via-service-principal-ae12fd79374c?source=rss----7b722bfd1b8d---4
Details	Redirection	https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Fazure-privilege-escalation-via-service-principal-ae12fd79374c%3Fsource%3Drss----7b722bfd1b8d---4

URL Provider

Details	Provider	Source level domain
Details	infosecwriteups.com	infosecwriteups.com
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	136	✔	InfoSec Write-ups - Medium	https://infosecwriteups.com/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	107		system.management
Details	Domain	1		context.tenant.id
Details	Domain	8		microsoft.azure
Details	Domain	5		graph.windows.net
Details	Domain	1		context.account.id
Details	Domain	26		posts.specterops.io
Details	Domain	11		dirkjanm.io
Details	Domain	11		www.netspi.com
Details	Domain	768		www.youtube.com
Details	File	46		automation.ps
Details	Url	1		https://graph.windows.net").accesstokenconnect
Details	Url	2		https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5
Details	Url	2		https://dirkjanm.io/azure-ad-privilege-escalation-application-admin
Details	Url	2		https://www.netspi.com/webinars/lunch-learn-webinar-series/adventures-in-azure-privilege-escalation
Details	Url	2		https://www.youtube.com/watch?v=qwvapszlidy