FAST TRACK
See our Fast Start promotion and start your first pentest on The Cobalt Offensive Security Testing Platform for only $4,950.
FAST TRACK
See our Fast Start promotion and start your first pentest on The Cobalt Offensive Security Testing Platform for only $4,950.

How to Perform Azure Pentesting

Learn about various Azure vulnerabilities and how to best approach Azure cloud security.

Companies are benefiting from an increasing supply of cloud services. The ability to outsource features and functions creates an environment of flexibility and scale that would be too costly to undertake individually. One suite that companies frequently turn to is Microsoft's Aure.

Like many other cloud platforms, Microsoft Azure offers over 200 cloud-based services that help streamline a company's operations. However, there is a compromise that needs to be understood when adopting Azure. Companies have access to various resources and seamless integration but at the cost of control.

There are some aspects and responsibilities that are shared between the two parties. One such role that is divided relates to some of the components of Microsoft Azure security.

With a rise of attacks against Azure’s three major pillars, Authentication and Authorization (Entra ID and RBAC), Storage, and Network, it’s wise to adopt a frequent Azure pentesting policy. Let’s dive deeper into the various Azure vulnerabilities and address how to remediate Azure cloud security.

Azure Pentesting: Two Model Options

Azure users can choose between two different deployment models when managing the service’s solutions. These two models are not compatible as the user works with them through two different API sets. The deployment models consist of:

Classic Deployment

Classic deployment is not able to group related resources. Instead, each resource needs to be manually tracked and managed independently. Deploying resources requires attention to detail as it needs to be done in the correct order.

If there was a solution that you wanted to remove, each one had to be deleted individually.

The classic approach highlights many Azure problems that have been successfully updated. Azure issues such as tagging resources and updating access control policies between interconnected resources have been remedied with the release of the second model.

Resource Management Mode

The introduction of resource management mode improved Azure security and increased its ease of use. This model can deploy, manage, and group related resources into a single entity.

When updating access control policies, apply these to the entire group and any new resources added to the group. This mode also allows a user to define the dependencies between resources, meaning deployment will occur in the correct order.

When deploying resource management mode, operators will also have access to the Azure Resource Manager (ARM). ARM allows for a universal standardization over a company’s cloud-solutions security.

However, regardless of which mode an organization deploys, it is still at risk of dangerous cyberattacks—as with any threat to a system, being aware of it is the most effective preventative measure. As more people adopt Azure, it will continue to grow in complexity, lending credence to the need for continual Azure pentesting.

An Azure pentest will be able to identify if a system is vulnerable to the three primary forms of a cyberattack against the cloud platform:

  • Ransomware attack
  • Threats to public and private IP addresses
  • Overtaking Azure's Privileged Identity Management (PIM)

Establishing Access Levels in Azure Cloud

After a company chooses which model it wants to deploy, it’s time to set up management access and ensure the implementation of multi-factor authentication (MFA) for additional security.

From here, it is necessary to establish roles that limit user activity. Azure provides three generic resource access levels: ‘Owner, Contributor, and Reader.’ However, if these rules don't fully entail everything a particular individual needs to use Azure, management can establish specific permissions.

Keep in mind that any amendments made to the core roles invites added risk.

Azure Cloud Security

Since the primary business model behind Azure is to provide cloud-based solutions, it stands to reason that security is a primary concern. However, by offering features such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS,) a window of opportunity opens up for malicious hackers, that would be much more difficult to access if the company used an on-premise platform.

While Microsoft has expanded its Azure Security Center, the responsibility of hardening a system is shared. This shared responsibility means that companies are accountable for conducting their own Azure pentest.

Even with the Azure Security Center and its tools to detect security vulnerabilities and threats, the advanced tools are hidden behind a paywall.

To ensure that its resources are fully secured, a company will need to contract a security professional experienced with Azure pentesting.

Azure Vulnerabilities & Encryption

Microsoft's Azure delivers a great feature known as Data Encryption at Rest. This security component uses symmetric encryption to encrypt and decrypt vast quantities of data rapidly.

While this feature is a hallmark of any digital security, companies should be aware that the core responsibility of securing private information within the cloud is that of the client and not the service provider.

It’s up to an organization to safeguard its data by employing a security professional familiar with Azure pentesting. If a company has any of the following issues, it may be at risk to attack:

  • Storage accounts accessible from the internet
  • Lack of multi-factor authentication for privileged users
  • Azure Security Center without standard tier protection
  • Azure Virtual networks with Basic DDoS protection
  • Unencrypted OS and Data disks
  • A high number of guest users in Entra ID
  • HTTPS only traffic is not enforced for all web apps

This list is not exhaustive but highlights many areas that a criminal can use to exploit a system.

Cobalt Can Help

To ensure that your Azure services are compliant and secure from cyberattacks, learn more about how Pentest as a Service (PtaaS) can empower your Azure pentesting needs. As leaders in the digital security industry, the team of experts at Cobalt is well-versed in Azure pentesting.

Back to Blog
About Luke Doherty
Luke Doherty is the Senior Manager of Sales Engineering at Cobalt. He graduated from the ECPI University with a Bachelor's Degree in Computer and Information Systems Security. With nearly 10 years of technical experience, he helps bring to life Cobalt's mission to transform traditional penetration testing with the innovative Pentesting as a Service (PtaaS) platform. More By Luke Doherty
10 Steps to Secure Your Azure Cloud Environment
The blog discusses ten essential steps to secure your Azure cloud environment, ranging from access management to network security. It emphasizes the use of Azure CLI to implement these best practices and safeguard against potential security threats. The steps include multifactor authentication, compliance standards, encryption, backups, and disaster recovery plans, among others.
Blog
Mar 29, 2023
Azure AD: Pentesting Fundamentals
Core member Orhan Yildirim walks us through how to use Azure AD when pentesting.
Blog
May 23, 2022