Azure Cloud Pen Testing Software Suite

So I’ve been working on a half Azure cloud (half web application) penetration test engagement this week.

It’s been multiple Azure Logic Apps and a few other services. Besides the usual source code review, I stumbled onto a great post to start my testing.

It’s called Illogical Apps – Exploring and Exploiting Azure Logic Apps and can be found HERE.

Using this as a starting point I was able to find multiple findings to report on.

They also mentioned their own tool called MicroBurst. It’s a “collection of scripts for assessing Microsoft Azure Security.”

Although most of it’s functionality is out of scope for my current engagement I know I will be using this quite a bit in the future.

It can be found on GitHub HERE


Leave a Reply