New Technique: Access Virtual Machine using Bastion shareable link

[siigil]

What does this PR do?

New attack technique: Persistence via Azure Bastion shareable link.

Motivation

This technique has been documented as a method for maintaining VM access off-network:

• https://blog.karims.cloud/2022/11/26/yet-another-azure-vm-persistence.html
• https://microsoft.github.io/Azure-Threat-Research-Matrix/Persistence/AZT509/AZT509/
• General feature info: https://learn.microsoft.com/en-us/azure/bastion/shareable-link

Currently, I'm making the assumption that shareable links are enabled (as they may already be for a contractor or similar), to focus on the creation of a shareable link as the overall technique. Open to critique on this approach!

Checklist

• [x] The attack technique emulates a single attack step, not a full attack chain
• [x] We have factual evidence & references that the attack technique was used by real malware, pentesters, or attackers* Researcher(s), in this case.
• [x] The attack technique makes no assumption about the state of the environment prior to warming it up

[siigil]

@christophetd Added changes based on your feedback in, but as a heads up haven't retested just yet (will tomorrow AM). Feel free to change/comment anything tomorrow if you get to this first!

[siigil]

Updated technique to provide shareable link + credentials for direct bastion access.