BA 04 – Credential Discovery
Credentials Discovery
There are various techniques that attackers may employ to attempt unauthorized access to Azure resources.
Password Spraying Attacks
Utilize tools such as MSOLSpray and o365spray to perform password spraying attacks. Password spraying involves attempting a few commonly used passwords against multiple user accounts to gain unauthorized access.
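Seen from the defending tenant, the pattern described above shows up in sign-in logs as one source failing against many accounts with only a few attempts per account. The following is an added example, not part of the original page: the records are constructed and flattened to four fields (createdDateTime, userPrincipalName, ipAddress, errorCode), and the thresholds and the detect_spray name are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# AADSTS result codes seen in Entra ID sign-in logs:
# 50126 = invalid username or password, 50053 = account locked (smart lockout).
FAILURE_CODES = {50126, 50053}

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Map source IP -> targeted accounts when one source fails against at least
    min_users accounts, each tried at most max_per_user times, inside one window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["errorCode"] in FAILURE_CODES:
            ts = datetime.fromisoformat(e["createdDateTime"])
            by_ip[e["ipAddress"]].append((ts, e["userPrincipalName"].lower()))
    flagged = {}
    for ip, fails in by_ip.items():
        fails.sort()
        start, best = 0, []
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            counts = Counter(upn for _, upn in fails[start:end + 1])
            # Spraying is "wide and shallow": many accounts, few tries per account.
            low = sorted(u for u, n in counts.items() if n <= max_per_user)
            if len(low) >= min_users and len(low) > len(best):
                best = low
        if best:
            flagged[ip] = best
    return flagged

def _ev(minute, upn, ip, code):
    # Constructed record, flattened from the sign-in log fields (assumption).
    return {"createdDateTime": f"2024-05-01T09:{minute:02d}:00+00:00",
            "userPrincipalName": upn, "ipAddress": ip, "errorCode": code}

# Constructed sample: one spraying source, one user mistyping a password, one success.
SAMPLE = (
    [_ev(i, f"user{i}@contoso.example", "203.0.113.7", 50126) for i in range(6)]
    + [_ev(i, "alice@contoso.example", "198.51.100.20", 50126) for i in range(8)]
    + [_ev(3, "bob@contoso.example", "192.0.2.5", 0)]
)

if __name__ == "__main__":
    for ip, users in detect_spray(SAMPLE).items():
        print(f"possible password spray from {ip}: {len(users)} accounts targeted")
```

A per-IP rule like this misses attempts spread across many source addresses, so it is usually paired with a tenant-wide count of distinct accounts failing in the same window.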
Open-Source Intelligence (OSINT) for Credential Discovery
Leverage OSINT techniques, including searches on platforms like GitHub and Have I Been Pwned, to discover potentially exposed credentials and secrets, especially those associated with Service Principals.
Authentication Attempts with Client ID and Client Secret
If a client ID and client secret are identified, attempt authentication using the Azure PowerShell module (Az module) to exploit potential misconfigurations.
Exploration of Service Principal Delegations
Understand that Service Principals often have delegations to other services/resources. Explore these delegations to identify potential paths for unauthorized access.