PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can both perform reconnaissance and exploitation of Azure.

Getting Started

An overview of Azure, Azure AD, and PowerZure is covered in my blog post here https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a

To get started with PowerZure, make sure the requirements are met. If you do not have the Az Module, PowerZure will ask you if you’d like to install it automatically when importing PowerZure as a module. PowerZure does require an Administrative PowerShell window, >= version 5.0. There is no advantage to running PowerZure on a compromised/pwned machine. Since you’re interacting with the cloud, it’s opsec safe to use from a bastion operating host, or if you’re feeling adventurous, your own host. Read the operational usage page here

Additionally, you must sign-in to Azure before PowerZure functions are made available. To sign in, use the cmdlet

Connect-AzAccount

Once you are signed in to Azure, you can import PowerZure:

ipmo C:\Path\To\Powerzure.psd1

Upon importing, it will list your current role and available subscriptions. From there, you can run

Get-AzureTarget

To get a list of resources you have access to.