Azure Dynamic Groups + Intune + Android Bootloader

pull/18/head
Swissky 2024-08-24 13:05:12 +02:00
parent 693a809664
commit d0f0d281fd
4 changed files with 91 additions and 23 deletions

View File

@ -2,7 +2,7 @@
> Root Management Group (Tenant) > Management Group > Subscription > Resource Group > Resource
* Users
* Users (User, Groups, Dynamic Groups)
* Devices
* Service Principals (Application and Managed Identities)
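Review bot: The parenthetical on the changed `* Users` line mixes singular and plural (`User, Groups, Dynamic Groups`); since the bullet itself is "Users" and the sibling line reads "Service Principals (Application and Managed Identities)", write it as `* Users (Users, Groups, Dynamic Groups)` or, since the bullet already says Users, simply `* Users (Groups, Dynamic Groups)`.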
@ -35,7 +35,10 @@
### Dynamic Group Membership
Get groups that allow Dynamic membership: `Get-AzureADMSGroup | ?{$_.GroupTypes -eq 'DynamicMembership'}`
Get groups that allow Dynamic membership:
* Powershell Azure AD: `Get-AzureADMSGroup | ?{$_.GroupTypes -eq 'DynamicMembership'}`
* RoadRecon database: `select objectId, displayName, description, membershipRule, membershipRuleProcessingState, isMembershipRuleLocked from groups where membershipRule is not null;`
Rule example : `(user.otherMails -any (_ -contains "vendor")) -and (user.userType -eq "guest")`
Rule description: Any Guest user whose secondary email contains the string 'vendor' will be added to the group
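Review bot: The two `Rule example :` / `Rule description:` lines will render as a continuation of the RoadRecon bullet rather than as their own paragraph; put a blank line before `Rule example` and drop the stray space before the colon. It would also help the reader to say why the query selects `membershipRuleProcessingState` and `isMembershipRuleLocked` next to `membershipRule`: the description line only explains what the example rule does, not that a paused or unlocked rule is what a reviewer is looking for in that output.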

View File

@ -38,11 +38,19 @@
```
* [**hausec/PowerZure**](https://github.com/hausec/PowerZure) - PowerShell framework to assess Azure security
```powershell
PS C:> Import-Module .\Powerzure.psd1
PS C:> Set-Subscription -Id [idgoeshere]
PS C:> Get-AzureTarget
PS C:> Get-AzureInTuneScript
PS C:> Show-AzureKeyVaultContent -All
Import-Module .\Powerzure.psd1
Set-Subscription -Id [idgoeshere]
Get-AzureTarget
Get-AzureInTuneScript
Show-AzureKeyVaultContent -All
```
* [**silverhack/monkey365**](https://github.com/silverhack/monkey365) - Microsoft 365, Azure subscriptions and Microsoft Entra ID security configuration reviews.
```powershell
Get-ChildItem -Recurse c:\monkey365 | Unblock-File
Import-Module C:\temp\monkey365
Get-Help Invoke-Monkey365
Get-Help Invoke-Monkey365 -Examples
Get-Help Invoke-Monkey365 -Detailed
```
* [**Flangvik/TeamFiltration**](https://github.com/Flangvik/TeamFiltration) - TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
```ps1
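Review bot: The monkey365 block unblocks one path and imports another (`Get-ChildItem -Recurse c:\monkey365 | Unblock-File` followed by `Import-Module C:\temp\monkey365`); as written the `Unblock-File` pass never touches the module that is actually imported, so use the same path on both lines. Two smaller points: the fence tags alternate between `powershell` and `ps1` within the same list (PowerZure and monkey365 use `powershell`, TeamFiltration opens with `ps1`), and the PowerZure `Set-Subscription -Id [idgoeshere]` placeholder would read better in the `<subscription-id>` form so it is not mistaken for PowerShell syntax.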

View File

@ -1,7 +1,50 @@
# Azure Services - Microsoft Intune
Microsoft Intune is a cloud-based service that provides mobile device management (MDM) and mobile application management (MAM). It allows organizations to control and secure access to corporate data on mobile devices, including smartphones, tablets, and PCs. With Intune, businesses can enforce security policies, manage apps, and ensure that devices comply with organizational requirements, whether they are company-owned or personal (BYOD).
## Intunes Administration
**Requirements**:
* **Global Administrator** or **Intune Administrator** Privilege
```powershell
Get-AzureADGroup -Filter "DisplayName eq 'Intune Administrators'"
```
**Walkthrough**
1. Login into https://endpoint.microsoft.com/#home or use Pass-The-PRT
2. Go to **Devices** -> **All Devices** to check devices enrolled to Intune
3. Go to **Scripts** and click on **Add** for Windows 10.
4. Add a **Powershell script**
5. Specify **Add all users** and **Add all devices** in the **Assignments** page.
:warning: It will take up to one hour before you script is executed !
## Intune Scripts
**Requirements**:
* App with permission: `DeviceManagementConfiguration.Read.All`
**Extract Intune scripts**:
* [okieselbach/Get-DeviceManagementScripts.ps1](https://raw.githubusercontent.com/okieselbach/Intune/master/Get-DeviceManagementScripts.ps1) - Get all or individual Intune PowerShell scripts and save them in specified folder.
```ps1
Get-DeviceManagementScripts -FolderPath C:\temp -FileName myScript.ps1
```
* [okieselbach/Get-DeviceHealthScripts.ps1](https://raw.githubusercontent.com/okieselbach/Intune/master/Get-DeviceHealthScripts.ps1) - Get all or individual Intune PowerShell Health scripts (aka Proactive Remediation scripts) and save them in specified folder.
```ps1
Get-DeviceHealthScripts -FolderPath C:\temp\HealthScripts
```
## LAPS
Some organization have recreated LAPS for Azure devices using Intune scripts.
```ps1
#requires -modules Microsoft.Graph.Authentication
#requires -modules Microsoft.Graph.Intune
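Review bot: Several wording slips in the new Intune page: the heading `## Intunes Administration` should be `## Intune Administration`, `It will take up to one hour before you script is executed !` needs `your` and no space before `!`, `Some organization have recreated LAPS` should be `Some organizations have`, and `Login into` reads better as `Log in to`. Under **Requirements** the `Get-AzureADGroup -Filter "DisplayName eq 'Intune Administrators'"` block is a way to find who holds the role, not a requirement; give it a one-line lead-in such as "Check the members of the Intune Administrators group:". Note also that the page now mixes the AzureAD module (`Get-AzureADGroup`) with the `Microsoft.Graph.*` modules the LAPS snippet requires; state which module each snippet expects so the reader does not assume one session covers both.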
@ -17,21 +60,9 @@ Get-IntuneManagedDevice -Filter "Platform eq 'Windows'" |
```
## Intunes Administration
Requirements:
* **Global Administrator** or **Intune Administrator** Privilege : `Get-AzureADGroup -Filter "DisplayName eq 'Intune Administrators'"`
1. Login into https://endpoint.microsoft.com/#home or use Pass-The-PRT
2. Go to **Devices** -> **All Devices** to check devices enrolled to Intune
3. Go to **Scripts** and click on **Add** for Windows 10.
4. Add a **Powershell script**
5. Specify **Add all users** and **Add all devices** in the **Assignments** page.
:warning: It will take up to one hour before you script is executed !
## References
* [Microsoft Intune - Microsoft Intune support for Windows LAPS](https://learn.microsoft.com/en-us/mem/intune/protect/windows-laps-overview)
* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
* [Get back your Intune Proactive Remediation Scripts - Oliver Kieselbach - September 7, 2022](https://oliverkieselbach.com/2022/09/07/get-back-your-intune-proactive-remediation-scripts/)
* [Get back your Intune PowerShell Scripts - Oliver Kieselbach - February 6, 2020](https://oliverkieselbach.com/2020/02/06/get-back-your-intune-powershell-scripts/)
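Review bot: The `Training - Attacking and Defending Azure Lab - Altered Security` reference appears on two consecutive lines in this hunk; if that is a whitespace-only change it is harmless, but if both lines land in the file, keep only one. Removing the old `## Intunes Administration` section here is consistent with the rewritten copy earlier in the file, so nothing else in the hunk needs to change.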

View File

@ -419,6 +419,31 @@ emulator -avd Pixel_8_API_34 -writable-system
| `-port 5556` | Set the ADB TCP port number |
## Unlock Bootloader
**Requirements**:
* Enable `Settings` > `Developer Options` > `OEM unlocking`
* Enable `Settings` > `Developer Options` > `USB Debugging`
Unlock the bootloader will wipe the userdata partition. On some device these methods will require a key to successfully unlock the bootloader.
* Method 1
```ps1
adb reboot bootloader
fastboot oem unlock
```
* Method 2
```ps1
adb reboot bootloader
fastboot flashing unlock
```
* Methods based on the chip
* For Qualcomm devices, you can use EDL (Emergency Download Mode)
* For MediaTek devices, BROM (Boot ROM) mode
* For Unisoc devices, Research Download Mode.
## References
* [Android App Reverse Engineering 101 - @maddiestone](https://www.ragingrock.com/AndroidAppRE/)
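Review bot: The sentence introducing the methods has two grammar slips: `Unlock the bootloader will wipe the userdata partition. On some device these methods will require a key` should read `Unlocking the bootloader will wipe the userdata partition. On some devices these methods require a key`. The `adb` / `fastboot` blocks are tagged `ps1` even though the commands are identical on any host shell; a `sh` or `bash` tag is more accurate for this section. The `Methods based on the chip` bullets name EDL, BROM and Research Download Mode but, unlike Method 1 and Method 2, give no command or tool, so either add the tool each mode is used with or a reference for each, and consider adding a `fastboot devices` line before the unlock commands so the reader can confirm the device is actually in bootloader mode.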
@ -429,4 +454,5 @@ emulator -avd Pixel_8_API_34 -writable-system
* [Configuring Burp Suite with Android Emulators - Aashish Tamang - Jun 6, 2022](https://blog.yarsalabs.com/setting-up-burp-for-android-application-testing/)
* [Introduction to Android Pentesting - Jarrod - July 8, 2024](https://owlhacku.com/introduction-to-android-pentesting/)
* [A beginners guide to using Frida to bypass root detection. - DianaOpanga - Nov 27, 2023](https://medium.com/@dianaopanga/a-beginners-guide-to-using-frida-to-bypass-root-detection-16af76b989ac)
* [Appium documentation](https://appium.io/docs/en/latest/)
* [Appium documentation](https://appium.io/docs/en/latest/)
* [How to root an Android device for analysis and vulnerability assessment - Joe Lovett - 23 Aug 2024](https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/)
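Review bot: `[Appium documentation](https://appium.io/docs/en/latest/)` appears on two consecutive lines in this hunk; as with the Altered Security entry in the Intune file, keep a single copy unless the second line is only a whitespace change. The new `How to root an Android device ...` reference does back the new bootloader section, so that addition is fine.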