Hackers of India

AzureGoat : A Damn Vulnerable Azure Infrastructure

By  Jeswin Mathai   Nishant Sharma   Rachna Umaraniya  on 10 Aug 2022 @ Blackhat : Arsenal

This Tool Demo covers following tools where the speaker has contributed or authored
AZUREGOAT

Abstract

Microsoft Azure cloud has become the second-largest vendor by market share in the cloud infrastructure providers (as per multiple reports), just behind AWS. There are numerous tools and vulnerable applications available for AWS for the security professional to perform attack/defense practices, but it is not the case with Azure. There are far fewer options available to the community. AzureGoat is our attempt to shorten this gap.

In this talk, we will be introducing AzureGoat, a vulnerable by design infrastructure on the Azure cloud environment. AzureGoat will allow a user to do the following:

The user will be able to deploy AzureGoat on their Azure account using a pre-created Docker image and scripts. Once deployed, the AzureGoat can be used for target practice and be conveniently deleted later.

All the code and deployment scripts will be made open-source after the talk.