diff --git a/Methodology and Resources/Cloud - Azure Pentest.md b/Methodology and Resources/Cloud - Azure Pentest.md index ec7384d..b84ac81 100644 --- a/Methodology and Resources/Cloud - Azure Pentest.md +++ b/Methodology and Resources/Cloud - Azure Pentest.md @@ -30,8 +30,9 @@ $ git clone https://github.com/hausec/PowerZure $ ipmo .\PowerZure $ Set-Subscription -Id [idgoeshere] + # Reader - $ Get-Runbook + $ Get-Runbook, Get-AllUsers, Get-Apps, Get-Resources, Get-WebApps, Get-WebAppDetails # Contributor $ Execute-Command -OS Windows -VM Win10Test -ResourceGroup Test-RG -Command "whoami" diff --git a/SAML Injection/README.md b/SAML Injection/README.md index e244bfd..2ba8dae 100644 --- a/SAML Injection/README.md +++ b/SAML Injection/README.md @@ -70,7 +70,7 @@ XML Signature Wrapping (XSW) attack, some implementations check for a valid sign - XSW1 – Applies to SAML Response messages. Add a cloned unsigned copy of the Response after the existing signature. - XSW2 – Applies to SAML Response messages. Add a cloned unsigned copy of the Response before the existing signature. - XSW3 – Applies to SAML Assertion messages. Add a cloned unsigned copy of the Assertion before the existing Assertion. -- XSW4 – Applies to SAML Assertion messages. Add a cloned unsigned copy of the Assertion after the existing Assertion. +- XSW4 – Applies to SAML Assertion messages. Add a cloned unsigned copy of the Assertion within the existing Assertion. - XSW5 – Applies to SAML Assertion messages. Change a value in the signed copy of the Assertion and adds a copy of the original Assertion with the signature removed at the end of the SAML message. - XSW6 – Applies to SAML Assertion messages. Change a value in the signed copy of the Assertion and adds a copy of the original Assertion with the signature removed after the original signature. - XSW7 – Applies to SAML Assertion messages. Add an “Extensions” block with a cloned unsigned assertion.