Abstract

Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all at one place with web UI interfaces. Vajra is designed to be used for initial as well as post-exploitation using Cloud RedTeam activity.

Following features are available at the moment:

1. Attacking i. OAuth Based Phishing (Illicit Consent Grant Attack) a. Exfiltrate Data b. Enumerate Environment c. Deploy Backdoors d. Send mails/Create Rules ii. Password Spray iii. Password Brute Force
2. Enumeration i. Users ii. Subdomain iii. Azure Ad iv. Azure Services

Note: This tool has been tested in an environment that had around 3 Lakh principals like users, groups, enterprise applications, etc.

Speaker

Raunak parmar

Raunak Parmar is an information security professional whose areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development.

He has 2+ years of experience in information security. Raunak likes to research new attack methodologies and create open-source tools that can be used during Cloud Security assessments. He has worked extensively on Azure and AWS.

He is the author of Vajra an offensive cloud security tool. He has spoken at multiple conferences like Blackhat, Defcon, and Nullcon.

Timing

Starts at Sunday March 20 2022, 10:45 AM. The sessions runs for about 1 hour.

Resources