Intermediate | Red team | Azure

Abuse JWT Assertion in Azure

How attackers can abuse Azure features to escalate privileges and access sensitive information

Overview

We created this intermediate-level lab to demonstrate how threat actors can use Certificate-Based Authentication (CBA), Privileged Identity Management (PIM) and Azure Container Registry to escalate privileges and access sensitive data. This lab also showcases tactics such as user and service principal impersonation via JWT assertion, Key Vault and Microsoft Graph API abuse.

 
Scenario

As part of a red team assessment for MegaBigTech, we have been engaged to test the security posture of their new Crypto Operations and PKI Infrastructure team. In previous engagements, we obtained credentials for a user named Mark Lantern. This walkthrough will guide you through leveraging those credentials to escalate privileges and ultimately retrieve data stored within an Azure Container Registry (ACR).

Lab prerequisites
  • Familiarity with the command line
  • Basic understanding of Azure
  • Basic understanding of Microsoft Graph
Learning outcomes
  • Certificate-Based Authentication (CBA) abuse
  • Service principal impersonation via JWT assertion
  • Entra ID and Key Vault enumeration
  • Azure Container Registry abuse
  • Elevation of privileges via Azure Privileged Identity Management (PIM)
