PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can perform both reconnaissance and exploitation of Azure.
An overview of Azure, Azure AD, and PowerZure is covered in my blog post: https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a
To get started with PowerZure, make sure the requirements are met. If you do not have the modules, PowerZure will ask whether you’d like to install them automatically when you import it as a module. PowerZure requires an administrative PowerShell window, version 5.0 or later. There is no advantage to running PowerZure on a compromised/pwned machine. Since you’re interacting with the cloud, it’s opsec safe to use from a bastion operating host, or if you’re feeling adventurous, your own host. Read the operational usage page here
Additionally, you must sign in to Azure before PowerZure functions are made available. To sign in, use the cmdlet
If you are using functions that use the AzureAD module, you must additionally sign in with
If you are using functions that use the Azure PowerShell module, you must additionally sign in with
Check out the functions pages on the left to see which functions use which modules. The majority of PowerZure uses the az (Azure CLI) module.
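A preflight check for the requirements listed above (elevated window, PowerShell 5.0 or later, the three modules), as an added example that is not part of PowerZure. The function name `Test-PowerZurePrereq` is hypothetical, and the module names `AzureAD` and `Az.Accounts` are assumed to be what the text means by the AzureAD and Azure PowerShell modules.

```powershell
# Added example (not PowerZure code): preflight check for the stated requirements.
# Assumed names: Test-PowerZurePrereq; module names AzureAD and Az.Accounts.
function Test-PowerZurePrereq {
    [CmdletBinding()]
    param()

    # Requirement: an administrative PowerShell window (Windows only).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Requirement: PowerShell version 5.0 or later.
    $psVersion = $PSVersionTable.PSVersion

    # Azure CLI is an external executable, so look it up on PATH.
    $azCli = Get-Command -Name az -ErrorAction SilentlyContinue

    # PowerShell modules are checked by what is installed, not what is loaded.
    $moduleChecks = foreach ($name in 'AzureAD', 'Az.Accounts') {
        $found = Get-Module -ListAvailable -Name $name |
            Sort-Object Version -Descending | Select-Object -First 1
        [pscustomobject]@{
            Check  = "Module $name installed"
            Passed = [bool]$found
            Detail = if ($found) { "version $($found.Version)" } else { 'not found' }
        }
    }

    # One row per requirement, so a failed check is visible before importing.
    @(
        [pscustomobject]@{ Check = 'Elevated session'; Passed = $isAdmin; Detail = $identity.Name }
        [pscustomobject]@{ Check = 'PowerShell >= 5.0'; Passed = ($psVersion.Major -ge 5); Detail = "$psVersion" }
        [pscustomobject]@{ Check = 'Azure CLI (az) on PATH'; Passed = [bool]$azCli
                           Detail = if ($azCli) { $azCli.Source } else { 'not found' } }
    ) + $moduleChecks
}

Test-PowerZurePrereq | Format-Table -AutoSize
```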
Once you are signed in to Azure, you can import PowerZure:
Upon importing, it will list your current role and available subscriptions. From there, you can run
To get a list of resources you have access to.