Privilege Escalation

Some good questions to ask after gaining a foothold with a compromised user are:

  • Is the user part of any group? If so, does this group has any role assigned to it?

  • Does the user have any Azure Entra ID roles assigned to them?

  • Which objects has this user created?

  • Is this user the owner of any service principal?

PreviousAzure SQL databasesNextIllicit Consent Grant

Last updated