Azure Privilege Escalation via Service Principal Abuse


Intro and Prior Work

On-prem Active Directory is here to stay, and so is Azure Active Directory. While these products have similar names, they in fact work very differently from one another. There are hints of vanilla AD’s discretionary access control model in Azure, but permissions in Azure are mostly controlled through granted roles. Regardless of these differences, configuration-based attack primitives are alive and well in Azure, and researchers discover new attack primitives in Azure all t…

Read More