Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all at one place with web UI interfaces. Vajra is designed to be used for initial as well as post-exploitation using Cloud RedTeam activity.
Following features are available at the moment:
- Attacking i. OAuth Based Phishing (Illicit Consent Grant Attack) a. Exfiltrate Data b. Enumerate Environment c. Deploy Backdoors d. Send mails/Create Rules ii. Password Spray iii. Password Brute Force
- Enumeration i. Users ii. Subdomain iii. Azure Ad iv. Azure Services
Note: This tool has been tested in an environment that had around 3 Lakh principals like users, groups, enterprise applications, etc.
Raunak Parmar works as a Lead Penetration Tester. Web/Cloud security, source code review, scripting, and development are some of his interests, and familiar with PHP, NodeJs, Python, Ruby, and Java. He is OSWE certified and the author of Vajra & 365-Stealer.
Starts at Sunday March 27 2022, 10:45 AM. The sessions runs for about 1 hour.