HackTricks-wiki / hacktricks-cloud

Create az-arc-vulnerable-gpo-deploy-script.md #68

Closed xybytes closed 5 days ago

xybytes commented 2 weeks ago

Hi, this is an attack that I presented this year at BSides Leeds. It focuses on Azure Arc and GPO deployment script misconfigurations that can be exploited to compromise the service principal secret. This allows lateral movement to the cloud, and if the service principal has sufficient permissions, potentially back to the on-premises environment. I have added the file in the az-lateral-movement-cloud-on-prem directory. I hope this is correct. I tried to keep the explanation concise so you can focus on the exploitation part, and if you need more details, please refer to my article linked in the reference.

carlospolop commented 5 days ago

Nice one!! Thanks for sharing, @xybytes!