Azure Persistence

if you can modify a resource this is a good avenue for persistence
- or if you can create one

we can use some attacks for persistence too

Hybrid Identities
Illicit Consent Attack with low- and high-privileges
Automation Accounts with client-secrets and high privileges

we can create new stuff

Illicit Consent Attack with low- and high-privileges
Automation Accounts with client-secrets and high privileges

we can create a new federated domain

PS> ConvertTo-AADIntBackdoor -DomainName domainame.io
PS> Get-MsolUser | select userPrincipalName, ImmutableID
PS> Open-AADIntOffice365Portal ..

ADFS: create a new token signing certificate

PS> New-AADIntADFSSelfSignedCertificates
PS> Update-AADIntADFSFederationSettings -Domain cyberranges.io

storage account access keys

SAS URLs
- you can do this offline with the access keys
are not automatically rotated
- unless keyvault managed storage account

Other Ideas

Backdoor Azure VM
- operating system persistence tools
- create snapshot of the disk and extract SAM, etc.
custom azure AD roles
deployment automations
- attack github, not azure to avoid detection, maybe?