AZOwner

Abuse Info
Opsec Considerations
References

AZOwner targets resources in Azure Resource Manager (for example AZResourceGroup, AZSubscription, and AZVM) through role assignment called “Owner”.

The edges AZOwner and AZOwns are distinct as they each apply their own distinct identity and access management platform (AzureRM and Entra ID respectively) with distinct mechanics, abuse primitives, and remediation steps.

Abuse Info

Everything a Contributor can do, with the addition of assigning rights to resources. Object ownership means almost all abuses are possible against the target object.

Opsec Considerations

This depends on which abuse you perform, but in general Azure will create a log for each abuse action.

References

https://blog.netspi.com/attacking-azure-with-custom-script-extensions/
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#owner

AZNodeResourceGroup AZOwns

⌘I

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

OpenHound

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

Abuse Info

Opsec Considerations

References

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

OpenHound

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

Documentation Index

​Abuse Info

​Opsec Considerations

​References

Abuse Info

Opsec Considerations

References