The App Service has a system-assigned managed identity enabled. Identify the managed identity principal ID.
A managed identity has Key Vault Secrets User access to kv-finance-prod. Enumerate secrets and retrieve the hidden flag.
After authenticating as the service principal, enumerate its assigned Azure RBAC role. Which role does it have?
Using the privileges of the previously compromised App Registration, explore the Azure environment to identify and access sensitive information. What is the final flag retrieved from the tenant?
Carefully enumerate the accessible Azure Blob Container to locate a file containing credentials for an App Registration within the tenant. What is the Application/Client ID of the discovered App Registration?
A compromised principal has permission to list role assignments. Identify which user has the User Access Administrator role at the resource group scope.
While exploring the table storage, you’ve uncovered information that provides limited access to a storage account. Using this access, enumerate the blob containers. Which of the following containers is available?
You’ve gained access to the Azure environment. Now dig deeper: one of the accessible resources contains a hidden flag.
You’ve discovered that the compromised user holds directory-level privileges. Enumerate how this role can be abused to compromise another user in the directory. What is the Job Title attribute of the compromised target user?