Hi, this is an attack that I presented this year at BSides Leeds. It focuses on Azure Arc and GPO deployment script misconfigurations that can be exploited to compromise the service principal secret. This allows lateral movement to the cloud, and if the service principal has sufficient permissions, potentially back to the on-premises environment. I have added the file in the az-lateral-movement-cloud-on-prem directory. I hope this is correct. I tried to keep the explanation concise so you can focus on the exploitation part, and if you need more details, please refer to my article linked in the reference.