Certified Cloud Pentesting eXpert - Azure Questions and Answers
You find a SAS token in a table entity. The token starts with:
?sv=2025-01-05&ss=b&srt=sco&sp=rl&se=2026-08-01T00:00:00Z
Which permissions does sp=rl grant?
Using the Azure access of the second compromised user, perform lateral movement within the environment to discover sensitive information. What is the flag uncovered during this activity?
From inside the App Service environment, request an Azure Resource Manager token using the managed identity endpoint. Which resource value should be requested for Azure Resource Manager access?
With access to the Web App’s Managed Identity, you can now query certain Azure Resources. Use this access to uncover the hidden secret left behind during provisioning. What is the secret?
The App Service has a system-assigned managed identity enabled. Identify the managed identity principal ID.
While exploring the table storage, you’ve uncovered information that provides limited access to a storage account. Using this access, enumerate the blob containers. Which of the following containers is available?
ExcaliburCorp has recently migrated part of its infrastructure to Microsoft Azure. Shortly after the migration, the company suffered a security breach resulting in the exposure of sensitive internal data. Their investigation revealed that the attack originated from a disgruntled developer who has since disappeared. To assess and mitigate further risks, ExcaliburCorp has granted you access to a replica Azure environment with the same permissions the developer had at the time of the incident. Your task is to simulate the attacker’s actions, uncover the full extent of the compromise, and identify vulnerable configurations or services that enabled the breach.
Using the provided Azure login credentials, perform OSINT and reconnaissance to identify the Azure Active Directory (AAD) tenant ID associated with the environment.
A storage account allows public blob access. Enumerate containers and identify the public container that exposes backup files.
A managed identity has Key Vault Secrets User access to kv-finance-prod. Enumerate secrets and retrieve the hidden flag.