AZOwner

AZOwner targets resources in AzureRM (for example AZResourceGroup, AZSubscription, and AZVM) through role assignment called “Owner”. Note: The edges AZOwner and AZOwns are distinct as they each apply their own distinct identity and access management platform (AzureRM and Entra ID respectively) with distinct mechanics, abuse primitives, and remediation steps.

Abuse Info

Everything a Contributor can do, with the addition of assigning rights to resources. Object ownership means almost all abuses are possible against the target object.

Opsec Considerations

This depends on which abuse you perform, but in general Azure will create a log for each abuse action.

References

https://blog.netspi.com/attacking-azure-with-custom-script-extensions/
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#owner

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

Abuse Info

Opsec Considerations

References

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

​Abuse Info

​Opsec Considerations

​References

Abuse Info

Opsec Considerations

References