SPA is for Single-Page Abuse! – Using Single-Page Application Tokens to Enumerate Azure

Security Boulevard

We were tasked with identifying methods of escalating privileges, assisting defenders in improving detections, and documenting attack paths in the client Azure environment using a compromised non-privileged user account on a Windows Virtual Desktop Image (VDI). The team began looking at the resources our user account had access to.