-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
50 changed files
with
476 additions
and
485 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| const Abuse = (sourceName, sourceType, targetName, targetType) => { | ||
| let text = ``; | ||
| return { __html: text }; | ||
| import React from 'react'; | ||
|
|
||
| const Abuse = () => { | ||
| return <></>; | ||
| }; | ||
|
|
||
| export default Abuse; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,25 @@ | ||
| import { groupSpecialFormat} from '../Formatter'; | ||
| import React from 'react'; | ||
|
|
||
| const General = (sourceName, sourceType, targetName, targetType) => { | ||
| let text = `Azure provides several systems and mechanisms for granting control of securable objects within Azure Active Directory, including tenant-scoped admin roles, object-scoped admin roles, explicit object ownership, and API permissions. | ||
| When a principal has been granted "Cloud App Admin" or "App Admin" against the tenant, that principal gains the ability to add new secrets to all Service Principals and App Registrations. Additionally, a principal that has been granted "Cloud App Admin" or "App Admin" against, or explicit ownership of a Service Principal or App Registration gains the ability to add secrets to that particular object. | ||
| `; | ||
| return { __html: text }; | ||
| const General = () => { | ||
| return ( | ||
| <> | ||
| <p> | ||
| Azure provides several systems and mechanisms for granting | ||
| control of securable objects within Azure Active Directory, | ||
| including tenant-scoped admin roles, object-scoped admin roles, | ||
| explicit object ownership, and API permissions. | ||
| </p> | ||
| <p> | ||
| When a principal has been granted "Cloud App Admin" or "App | ||
| Admin" against the tenant, that principal gains the ability to | ||
| add new secrets to all Service Principals and App Registrations. | ||
| Additionally, a principal that has been granted "Cloud App | ||
| Admin" or "App Admin" against, or explicit ownership of a | ||
| Service Principal or App Registration gains the ability to add | ||
| secrets to that particular object. | ||
| </p> | ||
| </> | ||
| ); | ||
| }; | ||
|
|
||
| export default General; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| import React from 'react'; | ||
|
|
||
| const Opsec = () => { | ||
| let text = ``; | ||
| return { __html: text }; | ||
| return <></> | ||
| }; | ||
|
|
||
| export default Opsec; |
22 changes: 18 additions & 4 deletions
22
src/components/Modals/HelpTexts/AZAddSecret/References.jsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,22 @@ | ||
| import React from 'react'; | ||
|
|
||
| const References = () => { | ||
| let text = `<a href="https://attack.mitre.org/techniques/T1098/">ATT&CK T1098: Account Manipulation</a> | ||
| <a href="https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5">Andy Robbins - Azure Privilege Escalation via Service Principal Abuse</a> | ||
| <a href="https://docs.microsoft.com/en-us/azure/active-directory/roles/assign-roles-different-scopes">Assign Azure AD roles at different scopes</a>`; | ||
| return { __html: text }; | ||
| return ( | ||
| <> | ||
| <a href='https://attack.mitre.org/techniques/T1098/'> | ||
| ATT&CK T1098: Account Manipulation | ||
| </a> | ||
| <br /> | ||
| <a href='https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5'> | ||
| Andy Robbins - Azure Privilege Escalation via Service Principal | ||
| Abuse | ||
| </a> | ||
| <br /> | ||
| <a href='https://docs.microsoft.com/en-us/azure/active-directory/roles/assign-roles-different-scopes'> | ||
| Assign Azure AD roles at different scopes | ||
| </a> | ||
| </> | ||
| ); | ||
| }; | ||
|
|
||
| export default References; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| const Abuse = (sourceName, sourceType, targetName, targetType) => { | ||
| let text = ``; | ||
| return { __html: text }; | ||
| import React from 'react'; | ||
|
|
||
| const Abuse = () => { | ||
| return <></> | ||
| }; | ||
|
|
||
| export default Abuse; |
13 changes: 10 additions & 3 deletions
13
src/components/Modals/HelpTexts/AZAvereContributor/General.jsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,13 @@ | ||
| const General = (sourceName, sourceType, targetName, targetType) => { | ||
| let text = `Any principal granted the Avere Contributor role, scoped to the affected VM, can reset the built-in administrator password on the VM.`; | ||
| return { __html: text }; | ||
| import React from 'react'; | ||
|
|
||
| const General = () => { | ||
| return ( | ||
| <p> | ||
| Any principal granted the Avere Contributor role, scoped to the | ||
| affected VM, can reset the built-in administrator password on the | ||
| VM. | ||
| </p> | ||
| ); | ||
| }; | ||
|
|
||
| export default General; |
10 changes: 8 additions & 2 deletions
10
src/components/Modals/HelpTexts/AZAvereContributor/Opsec.jsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,12 @@ | ||
| import React from 'react'; | ||
|
|
||
| const Opsec = () => { | ||
| let text = `Azure will log each password reset event, including who performed the reset, against which account, and at what date and time.`; | ||
| return { __html: text }; | ||
| return ( | ||
| <p> | ||
| Azure will log each password reset event, including who performed | ||
| the reset, against which account, and at what date and time. | ||
| </p> | ||
| ); | ||
| }; | ||
|
|
||
| export default Opsec; |
21 changes: 17 additions & 4 deletions
21
src/components/Modals/HelpTexts/AZAvereContributor/References.jsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,21 @@ | ||
| import React from 'react'; | ||
|
|
||
| const References = () => { | ||
| let text = `<a href="https://attack.mitre.org/tactics/TA0008/">ATT&CK T0008: Lateral Movement</a> | ||
| <a href="https://attack.mitre.org/techniques/T1021/">ATT&CK T1021: Remote Services</a> | ||
| <a href="https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#avere-contributor">Microsoft Docs - Avere Contributor</a>`; | ||
| return { __html: text }; | ||
| return ( | ||
| <> | ||
| <a href='https://attack.mitre.org/tactics/TA0008/'> | ||
| ATT&CK T0008: Lateral Movement | ||
| </a> | ||
| <br /> | ||
| <a href='https://attack.mitre.org/techniques/T1021/'> | ||
| ATT&CK T1021: Remote Services | ||
| </a> | ||
| <br /> | ||
| <a href='https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#avere-contributor'> | ||
| Microsoft Docs - Avere Contributor | ||
| </a> | ||
| </> | ||
| ); | ||
| }; | ||
|
|
||
| export default References; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| const Abuse = (sourceName, sourceType, targetName, targetType) => { | ||
| let text = ``; | ||
| return { __html: text }; | ||
| import React from 'react'; | ||
|
|
||
| const Abuse = () => { | ||
| return <></>; | ||
| }; | ||
|
|
||
| export default Abuse; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,7 @@ | ||
| import { groupSpecialFormat} from '../Formatter'; | ||
| import React from 'react'; | ||
|
|
||
| const General = (sourceName, sourceType, targetName, targetType) => { | ||
| let text = ``; | ||
| return { __html: text }; | ||
| const General = () => { | ||
| return <></>; | ||
| }; | ||
|
|
||
| export default General; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| import React from 'react'; | ||
|
|
||
| const Opsec = () => { | ||
| let text = ``; | ||
| return { __html: text }; | ||
| return <></>; | ||
| }; | ||
|
|
||
| export default Opsec; |
19 changes: 14 additions & 5 deletions
19
src/components/Modals/HelpTexts/AZExecuteCommand/References.jsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,17 @@ | ||
| import React from 'react'; | ||
|
|
||
| const References = () => { | ||
| let text = ` | ||
| <a href="https://attack.mitre.org/tactics/TA0002/">MITRE: Execution</a> | ||
| <a href="https://blog.netspi.com/attacking-azure-with-custom-script-extensions/">Attacking Azure with custom script extensions</a>`; | ||
| return { __html: text }; | ||
| return ( | ||
| <> | ||
| <a href='https://attack.mitre.org/tactics/TA0002/'> | ||
| MITRE: Execution | ||
| </a> | ||
| <br /> | ||
| <a href='https://blog.netspi.com/attacking-azure-with-custom-script-extensions/'> | ||
| Attacking Azure with custom script extensions | ||
| </a> | ||
| </> | ||
| ); | ||
| }; | ||
|
|
||
| export default References; | ||
| export default References; |
Oops, something went wrong.