InternalAllTheThings/docs/cloud/azure/azure-services-storage-blob.md

# Azure Services - Storage Blob

* Blobs - `*.blob.core.windows.net`
* File Services - `*.file.core.windows.net`
* Data Tables - `*.table.core.windows.net`
* Queues - `*.queue.core.windows.net`


## Enumerate blobs

```powershell
PS > . C:\Tools\MicroBurst\Misc\InvokeEnumerateAzureBlobs.ps1
PS > Invoke-EnumerateAzureBlobs -Base <SHORT DOMAIN> -OutputFile azureblobs.txt
Found Storage Account -  redacted.blob.core.windows.net
```


## List and download blobs

```powershell
PS Az> Get-AzResource
PS Az> Get-AzStorageAccount -name <NAME> -ResourceGroupName <NAME>
PS Az> Get-AzStorageContainer -Context (Get-AzStorageAccount -name <NAME> -ResourceGroupName <NAME>).context
PS Az> Get-AzStorageBlobContent -Container <NAME> -Context (Get-AzStorageAccount -name <NAME> -ResourceGroupName <NAME>).context -Blob
```

Retrieve exposed containers with public access

```ps1
PS Az> (Get-AzStorageAccount | Get-AzStorageContainer).cloudBlobContainer | select Uri,@{n='PublicAccess';e={$_.Properties.PublicAccess}}
```


## SAS URL

* Use [Storage Explorer](https://azure.microsoft.com/en-us/features/storage-explorer/)
* Click on **Open Connect Dialog** in the left menu. 
* Select **Blob container**. 
* On the **Select Authentication Method** page
    * Select **Shared access signature (SAS)** and click on Next
    * Copy the URL in **Blob container SAS URL** field.

:warning: You can also use `subscription`(username/password) to access storage resources such as blobs and files.


## References

* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
Azure Services 2024-01-02 15:12:18 +00:00			`# Azure Services - Storage Blob`

			* Blobs - `*.blob.core.windows.net`
			* File Services - `*.file.core.windows.net`
			* Data Tables - `*.table.core.windows.net`
			* Queues - `*.queue.core.windows.net`

Azure - Pages v0.1 2024-01-03 14:40:20 +00:00
Azure Services 2024-01-02 15:12:18 +00:00			`## Enumerate blobs`

			```powershell
			`PS > . C:\Tools\MicroBurst\Misc\InvokeEnumerateAzureBlobs.ps1`
			`PS > Invoke-EnumerateAzureBlobs -Base <SHORT DOMAIN> -OutputFile azureblobs.txt`
			`Found Storage Account - redacted.blob.core.windows.net`
			```

Azure - Pages v0.1 2024-01-03 14:40:20 +00:00
Azure Services 2024-01-02 15:12:18 +00:00			`## List and download blobs`

			```powershell
			`PS Az> Get-AzResource`
			`PS Az> Get-AzStorageAccount -name <NAME> -ResourceGroupName <NAME>`
			`PS Az> Get-AzStorageContainer -Context (Get-AzStorageAccount -name <NAME> -ResourceGroupName <NAME>).context`
			`PS Az> Get-AzStorageBlobContent -Container <NAME> -Context (Get-AzStorageAccount -name <NAME> -ResourceGroupName <NAME>).context -Blob`
			```

Azure - Pages v0.1 2024-01-03 14:40:20 +00:00			`Retrieve exposed containers with public access`

			```ps1
			`PS Az> (Get-AzStorageAccount \| Get-AzStorageContainer).cloudBlobContainer \| select Uri,@{n='PublicAccess';e={$_.Properties.PublicAccess}}`
			```


Azure Services 2024-01-02 15:12:18 +00:00			`## SAS URL`

			`* Use [Storage Explorer](https://azure.microsoft.com/en-us/features/storage-explorer/)`
			`* Click on Open Connect Dialog in the left menu.`
			`* Select Blob container.`
			`* On the Select Authentication Method page`
			`* Select Shared access signature (SAS) and click on Next`
			`* Copy the URL in Blob container SAS URL field.`

			:warning: You can also use `subscription`(username/password) to access storage resources such as blobs and files.


			`## References`

Adding references for Altered Security labs 2024-05-24 08:48:55 +00:00			`* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)`