Pentesting Azure applications : the definitive guide to testing and securing deployments

A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft...

Bibliographic Details
Main Author: Burrough, Matt (Author)
Format: eBook
Language: English
Published: San Francisco : No Starch Press, [2018]
Online Access: CONNECT
LEADER 06899cam a2200601 i 4500
001 in00006078000
006 m o d
007 cr unu||||||||
008 180918s2018 caua o 001 0 eng d
005 20220713131410.8
035 |a 1WRLDSHRon1052786247 
040 |a UMI  |b eng  |e rda  |e pn  |c UMI  |d RECBK  |d OCLCF  |d STF  |d EBLCP  |d TOH  |d CEF  |d G3B  |d MERUC  |d IDB  |d UAB  |d C6I  |d OCLCQ  |d OCL  |d OCLCQ  |d OCLCO 
019 |a 1048302777 
020 |a 9781593278649 
020 |a 1593278640 
020 |z 9781593278632 
028 0 2 |a EB00706876  |b Recorded Books 
035 |a (OCoLC)1052786247  |z (OCoLC)1048302777 
037 |a CL0500000992  |b Safari Books Online 
050 4 |a QA76.585 
082 0 4 |a 305.8 
084 |a COM053000  |a COM060040  |2 bisacsh 
049 |a TXMM 
100 1 |a Burrough, Matt,  |e author. 
245 1 0 |a Pentesting Azure applications :  |b the definitive guide to testing and securing deployments /  |c by Matt Burrough. 
264 1 |a San Francisco :  |b No Starch Press,  |c [2018] 
264 4 |c ©2018 
300 |a 1 online resource (1 volume) :  |b illustrations 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
588 0 |a Print version record. 
500 |a Includes index. 
520 |a A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you'll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure's Infrastructure as a Service (IaaS). You'll also learn how to: - Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files - Use PowerShell commands to find IP addresses, administrative users, and resource details - Find security issues related to multi-factor authentication and management certificates - Penetrate networks by enumerating firewall rules - Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation - View logs and security events to find out when you've been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations. 
505 0 |a Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Introduction; About Penetration Testing; What This Book Is About; How This Book Is Organized; What You'll Need to Run the Tools; Chapter 1: Preparation; A Hybrid Approach; Teams Don't Always Have Cloud Experience; Clouds Are Reasonably Secure by Default; It's All Connected; Getting Permission; Scope the Assessment; Notify Microsoft; Obtain a "Get Out of Jail Free" Card; Be Aware of and Respect Local Laws; Summary; Chapter 2: Access Methods; Azure Deployment Models; Azure Service Management; Azure Resource Manager 
505 8 |a Obtaining Credentials; Mimikatz; Using Mimikatz; Capturing Credentials; Factors Affecting Success; Best Practices: Usernames and Passwords; Usernames and Passwords; Searching Unencrypted Documents; Phishing; Looking for Saved ARM Profile Tokens; Guessing Passwords; Best Practices: Management Certificates; Finding Management Certificates; Publish Settings Files; Reused Certificates; Configuration Files; Cloud Service Packages; Best Practices: Protecting Privileged Accounts; Encountering Two-Factor Authentication; Using Certificate Authentication; Using a Service Principal or a Service Account 
505 8 |a Accessing Cookies; Proxying Traffic Through the User's Browser; Utilizing Smartcards; Stealing a Phone or Phone Number; Prompting the User for 2FA; Summary; Chapter 3: Reconnaissance; Installing PowerShell and the Azure PowerShell Module; On Windows; On Linux or macOS; Running Your Tools; Service Models; Best Practices: PowerShell Security; Authenticating with the PowerShell Module and CLI; Authenticating with Management Certificates; Installing the Certificate; Authenticating; Connecting and Validating Access; Best Practices: Service Principals; Authenticating with Service Principals 
505 8 |a Using Service Principals with Passwords; Authenticating with X.509 Certificates; Best Practices: Subscription Security; Gathering Subscription Information; Viewing Resource Groups; Viewing a Subscription's App Services (Web Apps); Gathering Information on Virtual Machines; Finding Storage Accounts and Storage Account Keys; Gathering Information on Networking; Network Interfaces; Obtaining Firewall Rules or Network Security Groups; Viewing Azure SQL Databases and Servers; Consolidated PowerShell Scripts; ASM Script; ARM Script; Summary; Chapter 4: Examining Storage 
505 8 |a Best Practices: Storage Security; Accessing Storage Accounts; Storage Account Keys; User Credentials; SAS Tokens; Where to Find Storage Credentials; Finding Keys in Source Code; Obtaining Keys from a Developer's Storage Utilities; Accessing Storage Types; Identifying the Storage Mechanisms in Use; Accessing Blobs; Accessing Tables; Accessing Queues; Accessing Files; Summary; Chapter 5: Targeting Virtual Machines; Best Practices: VM Security; Virtual Hard Disk Theft and Analysis; Downloading a VHD Snapshot; Retrieving a VHD's Secrets; Exploring the VHD with Autopsy; Importing the VHD 
590 |a O'Reilly Online Learning Platform: Academic Edition (SAML SSO Access) 
630 0 0 |a Windows Azure  |x Security measures. 
630 0 7 |a Windows Azure.  |2 fast  |0 (OCoLC)fst01796039 
650 0 |a Cloud computing  |x Security measures. 
650 0 |a Penetration testing (Computer security) 
730 0 |a WORLDSHARE SUB RECORDS 
776 0 8 |i Print version:  |a Burrough, Matt.  |t Pentesting Azure applications.  |d San Francisco : No Starch Press, 2018  |z 9781593278632  |w (DLC) 2017051237  |w (OCoLC)1019835048 
856 4 0 |u https://go.oreilly.com/middle-tennessee-state-university/library/view/-/9781492069416/?ar  |z CONNECT  |3 O'Reilly  |t 0 
949 |a ho0 
994 |a 92  |b TXM 
998 |a wi  |d z 
999 f f |s e07b48d3-49b9-41c0-87ee-c5e30ef09fec  |i 2fcf4300-14c4-4c5e-ad92-5c5ef6ea951a  |t 0 
952 f f |a Middle Tennessee State University  |b Main  |c James E. Walker Library  |d Electronic Resources  |t 1  |e QA76.585   |h Library of Congress classification 
856 4 0 |3 O'Reilly  |t 0  |u https://go.oreilly.com/middle-tennessee-state-university/library/view/-/9781492069416/?ar  |z CONNECT