Azure Virtual Machines

Overview

• Provides on-demand virtual compute resources

Capabilities

Extensions

• Extensions are small applications that provide post-deployment configuration and automation on Azure virtual machines (VMs) both on Windows and Linux such as executing code, installers, and more

• Requires the Azure Windows VM Agent or Azure Linux VM Agent

• Extensions may be region dependent

Instance Metadata Service (IMDS)

• Exposes several categories of information such as instance details (OS info, networking, etc.), scheduled events (VM maintenance jobs), Load Balancer info, tokens for Managed Identities (if assigned), and more

• Available at the following URL: http://169.254.169.254/metadata/

Retrieving Access Token

• If a Managed Identity is assigned to the instance, we can retrieve its bearer token

• Other examples such as using GO, Python, etc. are found here

Security Configuration

Commands & Examples

Execute Arbitrary Code

Reverse Shell

CLI Cheat Sheet

GitBookapp.gitbook.com

Offensive Security Tactics & Techniques

• links to examples

Additional Resources

Overview of virtual machines in Azure - Azure Virtual MachinesMicrosoftLearn