AHHHZURE: creates a vulnerable Azure cloud lab

by ddos · Published · Updated

AHHHZURE

AHHHZURE is an automated vulnerable Azure deployment script designed for offensive security practitioners and enthusiasts to brush up their cloud sec skills. The lab has 5 flags in total to collect. You may start completely without assistance if you are experienced, or start with the no spoiler hints if Azure Cloud sec is quite new to you. In the future, we are planning to publish a blog post series for detailed walkthroughs on JUMPSEC Labs.

vulnerable Azure cloud lab

This lab is practically free to run in the first 30 days, going well below a new Azure account’s free credits provided by MS on sign-up ($200 as of early 2024). After the first month, you may either choose to switch to a pay-as-you-go plan or opt to freeze the paid elements. Continuing to run the lab instance as-is with pay-as-you-go, would cost a single digit of USD per month. The environment is designed to be as “one-click install” as possible and there is a small number of requirements as outlined below.

Tip: To save money after the free month: -TearDown the instance when you are not using it for an extended period, and redeploy the environment when tackling the lab again.

Target Audience

  • Pentester / Cloud engineer / Cloud Sec enthusiast who wants to get into Azure security
  • Difficulty – beginner facing
  • Specific pre-requisite skills – Some familiarity with PowerShell is good to have. Some experience with another cloud cli would help but not a must
  • Walkthrough / Hints – Detailed walkthroughs are on my to-do list, keep an eye out for JUMPSEC Labs if you are interested. For now, there are hints, either spoiler or spoiler-free in the repo.

Installation & Removal

Requirements

  • Windows Machine/VM with PowerShell version 5 or above.
  • Azure (Az) PowerShell Module. See installing Az PowerShell.
  • Az cli (64-bit version) for Windows, version >= 2.12.0. See installing Az cli.
  • An Azure Tenant that you own.

Check out the detailed instructions if you are not sure about any of the above. The script checks for the requirements and exits automatically if they are not met.

Install

Copyright (C) 2024 gladstomych

Tags: AHHHZUREvulnerable Azure cloud lab