Intermediate, red team, Azure

Abuse JWT Assertion in Azure

How attackers can abuse Azure features to escalate privileges and access sensitive information

Overview

We created this intermediate-level lab to demonstrate how threat actors can use Certificate-Based Authentication (CBA), Privileged Identity Management (PIM) and Azure Container Registry to escalate privileges and access sensitive data. This lab also showcases tactics such as user and service principal impersonation via JWT assertion, Key Vault and Microsoft Graph API abuse.

 
Scenario

As part of a red team assessment for MegaBigTech, we have been engaged to test the security posture of their new Crypto Operations and PKI Infrastructure team. In previous engagements, we obtained credentials for a user named Mark Lantern. This walkthrough will guide you through leveraging those credentials to escalate privileges and ultimately retrieve data stored within an Azure Container Registry (ACR).

Lab prerequisites
  • Familiarity with the command line
  • Basic understanding of Azure
  • Basic understanding of Microsoft Graph

Learning outcomes
  • Certificate-Based Authentication (CBA) abuse
  • Service principal impersonation via JWT assertion
  • Entra ID and Key Vault enumeration
  • Azure Container Registry abuse
  • Elevation of privileges via Azure Privileged Identity Management (PIM)
