Intermediate Lab
Maneuver Through Azure Service Firewalls
Azure Service Firewalls have an appearance of strong security. However, subtle configuration discrepancies may introduce firewall gaps that allow attackers to slide through defenses.
Overview
Scenario
Mega Big Tech has hired our pentest firm to perform an external assessment. Since their public assets are hosted on Microsoft Azure, any Azure and Entra ID assets compromised during the engagement are in scope.
Among the many Fully Qualified Domain Names listed for the engagement, one website appears to be a promising target.
Can you help Mega Big Tech pinpoint and address any vulnerabilities, including exposed credentials, network security gaps, opportunities for lateral movement, and risks of data exfiltration?
Lab prerequisites
- Familiarity with Azure CLI, cURL, JSON, Python 3 and SQL
- Basic web application penetration testing knowledge
- (Optional) A separate Azure subscription with Azure Cloud Shell or Azure Virtual Machine
Learning outcomes
You'll be maneuvering around (and learning to defend) Azure Service Firewalls belonging to:
- Azure PostgreSQL
- Azure MSSQL
- Storage Accounts
- CosmosDBs
- Key Vaults
Real-world context
Azure Service Firewalls (ASFs) are a crucial security measure that help deter unwanted traffic by enforcing strict rules and access controls. They significantly reduce the risk of unauthorized access by filtering out malicious requests.
However, it is important to understand that ASFs do not block all network-level access. Some Azure services are designed to accept traffic from addresses within the broader Azure address space, which is essential for their operations, even when the firewall is active. Because that exception is keyed on the source being in Azure rather than on which tenant owns it, a client running in any Azure subscription may be admitted. This means that, in certain cases, ASFs can be circumvented. In this lab, we showcase five services where such maneuvering is possible, highlighting the need for a layered security approach that addresses these inherent gaps.
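As an added defensive example (not part of the lab or Pwned Labs' own tooling), the script below audits the Azure-address-space exception across the five services this lab covers. It takes parsed JSON shaped like the output of `az sql server firewall-rule list`, `az postgres flexible-server firewall-rule list`, `az storage account show --query networkRuleSet`, `az keyvault show --query properties.networkAcls` and `az cosmosdb show`; the inventory embedded here is constructed with placeholder resource names so it runs offline. The detection rules encode how each service represents the exception: SQL and PostgreSQL as a firewall rule spanning 0.0.0.0-0.0.0.0, Storage and Key Vault as `bypass` containing `AzureServices` (or `defaultAction` left at `Allow`), and Cosmos DB as the address 0.0.0.0 in `ipRules`.

```python
# Audit Azure service-firewall settings for the "allow Azure services" gap.
# Added example with constructed sample data; resource names are placeholders.

ANY_AZURE = "0.0.0.0"  # SQL/PostgreSQL encode "allow Azure services" as a 0.0.0.0-0.0.0.0 rule

# Constructed inventory mirroring the JSON shapes returned by the az CLI commands
# named in the lead-in (placeholder names, not real resources).
SAMPLE_INVENTORY = {
    "sql": {"sql-server-placeholder": [
        {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
        {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
    ]},
    "postgres": {"pg-placeholder": [
        {"name": "AllowAllAzureServicesAndResourcesWithinAzureIps_2024-1-1_0-0-0",
         "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    ]},
    "storage": {"stplaceholder": {
        "bypass": "AzureServices", "defaultAction": "Deny", "ipRules": [], "virtualNetworkRules": []}},
    "keyvault": {"kv-placeholder": {"bypass": "None", "defaultAction": "Deny"}},
    "cosmos": {"cosmos-placeholder": {
        "publicNetworkAccess": "Enabled",
        "ipRules": [{"ipAddressOrRange": "0.0.0.0"}],
        "virtualNetworkRules": []}},
}


def sql_style_findings(server, rules):
    """Azure SQL and PostgreSQL firewall rules: a 0.0.0.0-0.0.0.0 range admits any Azure-hosted client."""
    out = []
    for r in rules:
        if r.get("startIpAddress") == ANY_AZURE and r.get("endIpAddress") == ANY_AZURE:
            out.append(f"{server}: rule '{r['name']}' spans 0.0.0.0-0.0.0.0 (any Azure-hosted client is allowed)")
    return out


def acl_findings(name, acl):
    """Storage account networkRuleSet / Key Vault networkAcls: check defaultAction and the bypass list."""
    out = []
    if acl.get("defaultAction", "Allow") == "Allow":
        out.append(f"{name}: defaultAction is Allow (firewall effectively off)")
    bypass = {b.strip() for b in (acl.get("bypass") or "").split(",") if b.strip()}
    if "AzureServices" in bypass:
        out.append(f"{name}: bypass includes AzureServices (trusted Azure services skip the firewall)")
    return out


def cosmos_findings(name, acct):
    """Cosmos DB: no rules at all means open to the internet; 0.0.0.0 in ipRules admits Azure datacenter addresses."""
    out = []
    ip_rules = acct.get("ipRules") or []
    vnet_rules = acct.get("virtualNetworkRules") or []
    if acct.get("publicNetworkAccess", "Enabled") == "Enabled" and not ip_rules and not vnet_rules:
        out.append(f"{name}: no IP or VNet rules while publicNetworkAccess is Enabled (open to the internet)")
    for rule in ip_rules:
        if rule.get("ipAddressOrRange") == ANY_AZURE:
            out.append(f"{name}: ipRules contains 0.0.0.0 (any Azure datacenter address is allowed)")
    return out


def audit(inventory):
    """Run every service-specific check and return a flat list of human-readable findings."""
    findings = []
    for kind in ("sql", "postgres"):
        for server, rules in inventory.get(kind, {}).items():
            findings += sql_style_findings(server, rules)
    for kind in ("storage", "keyvault"):
        for name, acl in inventory.get(kind, {}).items():
            findings += acl_findings(name, acl)
    for name, acct in inventory.get("cosmos", {}).items():
        findings += cosmos_findings(name, acct)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```

In practice the inventory would be built by piping each `az ... -o json` call through `json.load`; the checks themselves are the part worth keeping, since a 0.0.0.0 rule or an `AzureServices` bypass is easy to miss in the portal but is exactly the setting that lets traffic from outside the tenant, yet inside Azure, past the firewall.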
Cloud Security Training To Protect Your Business
Pwned Labs for Business gives your team access to dedicated business content, including labs and cyber ranges.
We also offer in-person or remote workshops, and our cloud penetration services are helping businesses become more secure!