Azure Persistence
- If you can modify a resource, that is a good avenue for persistence.
- Some attacks can be used for persistence too.
- We can create new things:
  - a new federated domain
  - ADFS: a new token signing certificate
- Storage account access keys
  - SAS URLs
    - can be generated offline with the access keys
  - are not automatically rotated
    - unless it is a Key Vault managed storage account
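
A defender's check for the storage-key points above, added here as an example and not part of the original notes: a SAS signed with an account key can be produced offline and stays valid until it expires or that key is regenerated, so key age and shared-key settings are what to audit. The input is constructed JSON shaped like `az storage account list` output; the account names, the 90-day threshold, and the `audit` function are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `az storage account list` output (not real data).
SAMPLE = json.loads("""[
 {"name": "stlegacyexample", "allowSharedKeyAccess": null,
  "keyCreationTime": {"key1": "2023-01-01T00:00:00+00:00",
                      "key2": "2023-12-01T00:00:00+00:00"},
  "keyPolicy": null, "sasPolicy": null},
 {"name": "stlockedexample", "allowSharedKeyAccess": false,
  "keyCreationTime": {"key1": null, "key2": null},
  "keyPolicy": null, "sasPolicy": null},
 {"name": "strotatedexample", "allowSharedKeyAccess": true,
  "keyCreationTime": {"key1": "2023-12-01T00:00:00+00:00",
                      "key2": "2023-12-01T00:00:00+00:00"},
  "keyPolicy": {"keyExpirationPeriodInDays": 60},
  "sasPolicy": {"sasExpirationPeriod": "1.00:00:00", "expirationAction": "Log"}}
]""")

MAX_KEY_AGE_DAYS = 90                              # assumption: local rotation policy
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)    # fixed so the sample is reproducible


def audit(accounts, now=NOW):
    """Return {account name: [issues]} for key-based access that can outlive a cleanup."""
    findings = {}
    for acct in accounts:
        issues = findings.setdefault(acct["name"], [])
        # Only an explicit false disables shared-key auth; null means enabled.
        if acct.get("allowSharedKeyAccess") is False:
            continue  # account keys and key-signed SAS tokens are rejected
        issues.append("shared-key-enabled")
        for key, created in (acct.get("keyCreationTime") or {}).items():
            if created is None:  # creation time not recorded: age cannot be bounded
                issues.append(f"{key}-age-unknown")
                continue
            age = (now - datetime.fromisoformat(created)).days
            if age > MAX_KEY_AGE_DAYS:
                issues.append(f"{key}-stale-{age}d")
        if not acct.get("keyPolicy"):
            issues.append("no-key-expiration-policy")
        if not acct.get("sasPolicy"):
            issues.append("no-sas-expiration-policy")
    return findings


if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(name, issues or "ok")
```
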
Other Ideas
- Backdoor an Azure VM
  - operating system persistence tools
  - create a snapshot of the disk and extract SAM, etc.
- Custom Azure AD roles
- Deployment automations
  - attack GitHub, not Azure, to avoid detection, maybe?