diff --git a/docs/cloud/azure/azure-devices-users-sp.md b/docs/cloud/azure/azure-devices-users-sp.md index 6cd9788..3972340 100644 --- a/docs/cloud/azure/azure-devices-users-sp.md +++ b/docs/cloud/azure/azure-devices-users-sp.md @@ -2,7 +2,7 @@ > Root Management Group (Tenant) > Management Group > Subscription > Resource Group > Resource -* Users +* Users (User, Groups, Dynamic Groups) * Devices * Service Principals (Application and Managed Identities) @@ -35,7 +35,10 @@ ### Dynamic Group Membership -Get groups that allow Dynamic membership: `Get-AzureADMSGroup | ?{$_.GroupTypes -eq 'DynamicMembership'}` +Get groups that allow Dynamic membership: + +* Powershell Azure AD: `Get-AzureADMSGroup | ?{$_.GroupTypes -eq 'DynamicMembership'}` +* RoadRecon database: `select objectId, displayName, description, membershipRule, membershipRuleProcessingState, isMembershipRuleLocked from groups where membershipRule is not null;` Rule example : `(user.otherMails -any (_ -contains "vendor")) -and (user.userType -eq "guest")` Rule description: Any Guest user whose secondary email contains the string 'vendor' will be added to the group diff --git a/docs/cloud/azure/azure-enumeration.md b/docs/cloud/azure/azure-enumeration.md index 529520a..660cefd 100644 --- a/docs/cloud/azure/azure-enumeration.md +++ b/docs/cloud/azure/azure-enumeration.md 
@@ -38,11 +38,19 @@ ``` * [**hausec/PowerZure**](https://github.com/hausec/PowerZure) - PowerShell framework to assess Azure security ```powershell - PS C:> Import-Module .\Powerzure.psd1 - PS C:> Set-Subscription -Id [idgoeshere] - PS C:> Get-AzureTarget - PS C:> Get-AzureInTuneScript - PS C:> Show-AzureKeyVaultContent -All + Import-Module .\Powerzure.psd1 + Set-Subscription -Id [idgoeshere] + Get-AzureTarget + Get-AzureInTuneScript + Show-AzureKeyVaultContent -All + ``` +* [**silverhack/monkey365**](https://github.com/silverhack/monkey365) - Microsoft 365, Azure subscriptions and Microsoft Entra ID security configuration reviews. + ```powershell + Get-ChildItem -Recurse c:\monkey365 | Unblock-File + Import-Module C:\temp\monkey365 + Get-Help Invoke-Monkey365 + Get-Help Invoke-Monkey365 -Examples + Get-Help Invoke-Monkey365 -Detailed ``` * [**Flangvik/TeamFiltration**](https://github.com/Flangvik/TeamFiltration) - TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts ```ps1 diff --git a/docs/cloud/azure/azure-services-microsoft-intune.md b/docs/cloud/azure/azure-services-microsoft-intune.md index 8e61bed..4c22811 100644 --- a/docs/cloud/azure/azure-services-microsoft-intune.md +++ b/docs/cloud/azure/azure-services-microsoft-intune.md 
@@ -1,7 +1,50 @@ # Azure Services - Microsoft Intune +Microsoft Intune is a cloud-based service that provides mobile device management (MDM) and mobile application management (MAM). It allows organizations to control and secure access to corporate data on mobile devices, including smartphones, tablets, and PCs. With Intune, businesses can enforce security policies, manage apps, and ensure that devices comply with organizational requirements, whether they are company-owned or personal (BYOD). + + +## Intunes Administration + +**Requirements**: + +* **Global Administrator** or **Intune Administrator** Privilege + ```powershell + Get-AzureADGroup -Filter "DisplayName eq 'Intune Administrators'" + ``` + +**Walkthrough** + +1. Login into https://endpoint.microsoft.com/#home or use Pass-The-PRT +2. Go to **Devices** -> **All Devices** to check devices enrolled to Intune +3. Go to **Scripts** and click on **Add** for Windows 10. +4. Add a **Powershell script** +5. Specify **Add all users** and **Add all devices** in the **Assignments** page. + +:warning: It will take up to one hour before you script is executed ! + + +## Intune Scripts + +**Requirements**: + +* App with permission: `DeviceManagementConfiguration.Read.All` + +**Extract Intune scripts**: + +* [okieselbach/Get-DeviceManagementScripts.ps1](https://raw.githubusercontent.com/okieselbach/Intune/master/Get-DeviceManagementScripts.ps1) - Get all or individual Intune PowerShell scripts and save them in specified folder. + ```ps1 + Get-DeviceManagementScripts -FolderPath C:\temp -FileName myScript.ps1 + ``` +* [okieselbach/Get-DeviceHealthScripts.ps1](https://raw.githubusercontent.com/okieselbach/Intune/master/Get-DeviceHealthScripts.ps1) - Get all or individual Intune PowerShell Health scripts (aka Proactive Remediation scripts) and save them in specified folder. 
+ ```ps1 + Get-DeviceHealthScripts -FolderPath C:\temp\HealthScripts + ``` + + ## LAPS +Some organization have recreated LAPS for Azure devices using Intune scripts. + ```ps1 #requires -modules Microsoft.Graph.Authentication #requires -modules Microsoft.Graph.Intune @@ -17,21 +60,9 @@ Get-IntuneManagedDevice -Filter "Platform eq 'Windows'" | ``` -## Intunes Administration - -Requirements: -* **Global Administrator** or **Intune Administrator** Privilege : `Get-AzureADGroup -Filter "DisplayName eq 'Intune Administrators'"` - -1. Login into https://endpoint.microsoft.com/#home or use Pass-The-PRT -2. Go to **Devices** -> **All Devices** to check devices enrolled to Intune -3. Go to **Scripts** and click on **Add** for Windows 10. -4. Add a **Powershell script** -5. Specify **Add all users** and **Add all devices** in the **Assignments** page. - -:warning: It will take up to one hour before you script is executed ! - - ## References * [Microsoft Intune - Microsoft Intune support for Windows LAPS](https://learn.microsoft.com/en-us/mem/intune/protect/windows-laps-overview) -* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab) \ No newline at end of file +* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab) +* [Get back your Intune Proactive Remediation Scripts - Oliver Kieselbach - September 7, 2022](https://oliverkieselbach.com/2022/09/07/get-back-your-intune-proactive-remediation-scripts/) +* [Get back your Intune PowerShell Scripts - Oliver Kieselbach - February 6, 2020](https://oliverkieselbach.com/2020/02/06/get-back-your-intune-powershell-scripts/) \ No newline at end of file diff --git a/docs/methodology/android-applications.md b/docs/methodology/android-applications.md index d397a16..ad9d5d3 100644 --- a/docs/methodology/android-applications.md +++ b/docs/methodology/android-applications.md 
@@ -419,6 +419,31 @@ emulator -avd Pixel_8_API_34 -writable-system | `-port 5556` | Set the ADB TCP port number | +## Unlock Bootloader + +**Requirements**: + +* Enable `Settings` > `Developer Options` > `OEM unlocking` +* Enable `Settings` > `Developer Options` > `USB Debugging` + +Unlock the bootloader will wipe the userdata partition. On some device these methods will require a key to successfully unlock the bootloader. + +* Method 1 + ```ps1 + adb reboot bootloader + fastboot oem unlock + ``` +* Method 2 + ```ps1 + adb reboot bootloader + fastboot flashing unlock + ``` +* Methods based on the chip + * For Qualcomm devices, you can use EDL (Emergency Download Mode) + * For MediaTek devices, BROM (Boot ROM) mode + * For Unisoc devices, Research Download Mode. + + ## References * [Android App Reverse Engineering 101 - @maddiestone](https://www.ragingrock.com/AndroidAppRE/) @@ -429,4 +454,5 @@ emulator -avd Pixel_8_API_34 -writable-system * [Configuring Burp Suite with Android Emulators - Aashish Tamang - Jun 6, 2022](https://blog.yarsalabs.com/setting-up-burp-for-android-application-testing/) * [Introduction to Android Pentesting - Jarrod - July 8, 2024](https://owlhacku.com/introduction-to-android-pentesting/) * [A beginners guide to using Frida to bypass root detection. - DianaOpanga - Nov 27, 2023](https://medium.com/@dianaopanga/a-beginners-guide-to-using-frida-to-bypass-root-detection-16af76b989ac) -* [Appium documentation](https://appium.io/docs/en/latest/) \ No newline at end of file +* [Appium documentation](https://appium.io/docs/en/latest/) +* [How to root an Android device for analysis and vulnerability assessment - Joe Lovett - 23 Aug 2024](https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/) \ No newline at end of file
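
Review bot: In docs/cloud/azure/azure-devices-users-sp.md, hunk @@ -35,7 +35,10 @@, the new RoadRecon bullet puts a six-column SQL query in inline backticks, which is hard to read and copy. A fenced block under the bullet, as the other files in this patch do for commands, would fit better. The label "Powershell Azure AD" should read "PowerShell", and it would help to say which RoadRecon database file the query is meant to run against, since the bullet gives only the statement.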
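
Review bot: In docs/cloud/azure/azure-enumeration.md, hunk @@ -38,11 +38,19 @@, the monkey365 example uses two different paths: `Get-ChildItem -Recurse c:\monkey365 | Unblock-File` unblocks one directory, while `Import-Module C:\temp\monkey365` loads from another. As written, the files that get imported are not the ones that were unblocked. Use the same path on both lines. The three `Get-Help` lines only print help text, so one of them plus a single `Invoke-Monkey365` example would say more about how the review is actually run.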
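
Review bot: In docs/cloud/azure/azure-services-microsoft-intune.md, hunk @@ -1,7 +1,50 @@, the Intune Scripts examples call `Get-DeviceManagementScripts` and `Get-DeviceHealthScripts` as commands, but the bullets link to raw `.ps1` files and never show how those commands become available in the session. Add the loading step or invoke the script file directly. The section also states the required permission `DeviceManagementConfiguration.Read.All` without saying how the app authenticates. Wording carried over from the moved section still needs fixing: the heading "Intunes Administration" should be "Intune Administration", "before you script is executed" should be "before your script is executed", and the new LAPS sentence "Some organization have" should be "Some organizations have".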
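
Review bot: In docs/cloud/azure/azure-services-microsoft-intune.md, hunk @@ -17,21 +60,9 @@, the last added reference line is still followed by "\ No newline at end of file", so the file keeps ending without a trailing newline and the next appended reference will again show up as a changed line. End the file with a newline in this change. The two Oliver Kieselbach references match the scripts linked in the new Intune Scripts section, so they are in the right place.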
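
Review bot: In docs/methodology/android-applications.md, hunk @@ -419,6 +419,31 @@, the data-loss statement "Unlock the bootloader will wipe the userdata partition" sits as a plain sentence after the requirements, where it is easy to miss before running `fastboot oem unlock` or `fastboot flashing unlock`. Move it above the requirements or mark it with the `:warning:` convention used in the Intune page. Grammar: "Unlocking the bootloader" and "On some devices". The `adb`/`fastboot` blocks are tagged `ps1` although they are not PowerShell. Methods 1 and 2 have no description of when each applies, and the chip-based bullets (EDL, BROM, Research Download Mode) name a mode without any command or pointer, so a link to the added Pen Test Partners reference from that list would help.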