# AZContributor

> The contributor role grants almost all abusable privileges in all circumstances, with some exceptions. Those exceptions are not collected by AzureHound.

Applies to BloodHound Enterprise and CE

## Abuse Info

The abuse depends on the type of the target object:

* **Key Vault:**
  You can read secrets and alter access policies (grant yourself access to read secrets).
* **Automation Account:**
  You can create a new runbook that runs as the Automation Account, and edit existing runbooks. Runbooks can be used to authenticate as the Automation Account and abuse privileges held by the Automation Account. If the Automation Account is using a ‘RunAs’ account, you can gather the certificate used to log in and impersonate that account.
* **Virtual Machine:**
  You can run commands as SYSTEM on the VM.

## Opsec Considerations

This will depend on which particular abuse you perform, but in general Azure will create a log event for each abuse.
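
For defenders, the log events mentioned above can be triaged with a short script. The following is an added example, not part of the original BloodHound documentation: it scans Azure Activity Log records for the control-plane operations behind the abuses listed on this page. The function names, the expected-caller list and the sample records are constructed for illustration, and the record fields are assumed to match the output of `az monitor activity-log list`.

```python
# Assumption: records use the field names printed by `az monitor activity-log list`
# (operationName, status, caller, resourceId, eventTimestamp).
# Reading a secret is a data-plane call recorded in Key Vault diagnostic logs,
# not in the Activity Log, so only the control-plane operations are watched.
WATCHED_OPERATIONS = {
    "microsoft.keyvault/vaults/accesspolicies/write": "Key Vault access policy changed",
    "microsoft.automation/automationaccounts/runbooks/write": "Runbook created or edited",
    "microsoft.automation/automationaccounts/runbooks/publish/action": "Runbook published",
    "microsoft.compute/virtualmachines/runcommand/action": "Run Command invoked on VM",
}

def _value(field):
    """Fields arrive either as plain strings or as {"value": ...} objects."""
    if isinstance(field, dict):
        field = field.get("value")
    return field or ""

def find_contributor_abuse_events(records, expected_callers=()):
    """Flag watched operations whose caller is not on the expected list."""
    expected = {c.lower() for c in expected_callers}
    findings = []
    for rec in records:
        op = _value(rec.get("operationName")).lower()
        status = _value(rec.get("status")).lower()
        caller = _value(rec.get("caller"))
        # "Started"/"Accepted" records duplicate the final outcome record.
        if (op not in WATCHED_OPERATIONS or status in ("started", "accepted")
                or caller.lower() in expected):
            continue
        findings.append({"time": rec.get("eventTimestamp"), "caller": caller,
                         "status": status, "what": WATCHED_OPERATIONS[op],
                         "resource": rec.get("resourceId")})
    return findings

# Constructed sample records (not real log data); resource IDs are placeholders.
_RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/"
def _rec(time, caller, op, status, resource):
    return {"eventTimestamp": time, "caller": caller, "operationName": op,
            "status": {"value": status}, "resourceId": _RG + resource}

SAMPLE_RECORDS = [
    _rec("2024-01-01T10:00:00Z", "ops-pipeline@example.com", {"value": "Microsoft.Automation/automationAccounts/runbooks/write"}, "Succeeded", "Microsoft.Automation/automationAccounts/aa1"),
    _rec("2024-01-01T11:00:00Z", "alice@example.com", {"value": "Microsoft.Compute/virtualMachines/runCommand/action"}, "Accepted", "Microsoft.Compute/virtualMachines/vm1"),
    _rec("2024-01-01T11:00:40Z", "alice@example.com", "MICROSOFT.COMPUTE/VIRTUALMACHINES/RUNCOMMAND/ACTION", "Succeeded", "Microsoft.Compute/virtualMachines/vm1"),
    _rec("2024-01-01T12:00:00Z", "bob@example.com", {"value": "Microsoft.KeyVault/vaults/accessPolicies/write"}, "Failed", "Microsoft.KeyVault/vaults/kv1"),
    _rec("2024-01-01T12:05:00Z", "alice@example.com", {"value": "Microsoft.Compute/virtualMachines/read"}, "Succeeded", "Microsoft.Compute/virtualMachines/vm1"),
]

if __name__ == "__main__":
    print(*find_contributor_abuse_events(SAMPLE_RECORDS, {"ops-pipeline@example.com"}), sep="\n")
```

Failed attempts are kept in the findings on purpose, since a denied access policy change by an unexpected caller is as worth reviewing as a successful one.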

## References

* [https://blog.netspi.com/maintaining-azure-persistence-via-automation-accounts/](https://blog.netspi.com/maintaining-azure-persistence-via-automation-accounts/)
* [https://blog.netspi.com/azure-automation-accounts-key-stores/](https://blog.netspi.com/azure-automation-accounts-key-stores/)
* [https://blog.netspi.com/get-azurepasswords/](https://blog.netspi.com/get-azurepasswords/)
* [https://blog.netspi.com/attacking-azure-cloud-shell/](https://blog.netspi.com/attacking-azure-cloud-shell/)
