Abuse Info
You can read secrets and alter access policies (grant yourself access to read secrets) Via PowerZure:Opsec Considerations
This will depend on which particular abuse you perform, but in general Azure will create a log event for each abuse.References
- https://blog.netspi.com/maintaining-azure-persistence-via-automation-accounts/
- https://blog.netspi.com/azure-automation-accounts-key-stores/
- https://blog.netspi.com/get-azurepasswords/
- https://blog.netspi.com/attacking-azure-cloud-shell/
- https://specterops.io/blog/2022/08/03/introducing-bloodhound-4-2-the-azure-refactor/