# Day 16

Introduction to Azure

Azure is a CSP (Cloud Service Provider). CSPs (others include Google Cloud and AWS) provide computing resources, such as computing power, on demand and in a highly scalable fashion. In other words, McSkidy could instead have Azure manage her underlying infrastructure, scaling it up in times of increased demand and back down once traffic returned to normal levels. The best bit? McSkidy only has to pay for what she uses; gone are the days of buying physical infrastructure to handle increased loads, only for that infrastructure to go unused the majority of the time.

Azure (and cloud adoption in general) boasts many benefits beyond cost optimisation. Azure also gives McSkidy access to a wide range of cloud services, from identity management to data ingestion (quite frankly, there are more services than can be summarised in a sentence; at the time of writing, there are over 200). These services can be used to build, deploy, and manage McSkidy's current infrastructure, and they give her the option to upgrade or build new applications in the future. A couple of Azure services will come up during the Glitch's attack path. Let's take a look at them now:

**Azure Key Vault**

Azure Key Vault is an Azure service that allows users to securely store and access secrets. These secrets can be anything from API keys, certificates, and passwords to cryptographic keys and more. Essentially, anything you want to keep safe and away from the eyes of others, with access that is easy to configure and restrict, belongs in an Azure Key Vault.

The secrets are stored in vaults, which are created by vault owners. Vault owners have full access and control over the vault, including the ability to enable auditing (so a record is kept of who accessed which secrets) and to grant other users (known as **vault consumers**) permission to access the vault. McSkidy uses this service to store secrets related to evidence and has been entrusted to store some of Wareville's town secrets here.

**Microsoft Entra ID**

McSkidy also needed a way to grant users access to her system and to secure and organise that access easily, so that a Wareville town member could easily access or update their secret. Microsoft Entra ID (formerly known as Azure Active Directory) is Azure's solution. Entra ID is an identity and access management (IAM) service. In short, it has the information needed to assess whether a user or application can access a given resource. In the case of the Wareville town members, they made an Entra ID account, and McSkidy assigned the appropriate permissions to this account.

#### Task 22 — Azure Day 16: The Wareville's Key Vault grew three sizes that day.

**1. What is the password for backupware that was leaked?**

Use the command below, then find backupware and its office location:

`az ad user list`

```
Ans: R3c0v3r_s3cr3ts!
```
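A defensive counterpart to this finding, as an added example that is not part of the original walkthrough: a small audit over `az ad user list` JSON that flags free-text profile attributes holding password-like values. The sample records, the list of fields checked and the heuristic thresholds are assumptions constructed for illustration.

```python
import json
import re

# Free-text profile attributes in `az ad user list` output that are sometimes
# misused as a notes field (this field selection is an assumption).
FREE_TEXT_FIELDS = ("officeLocation", "jobTitle", "displayName", "givenName", "surname")

CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def looks_like_secret(value, min_len=10):
    """Heuristic: one unbroken token, long enough, mixing >= 3 character classes."""
    if not isinstance(value, str) or len(value) < min_len or re.search(r"\s", value):
        return False
    return sum(bool(re.search(c, value)) for c in CHAR_CLASSES) >= 3


def audit_users(users):
    """Return (userPrincipalName, field) pairs whose value resembles a credential."""
    findings = []
    for user in users:
        for field in FREE_TEXT_FIELDS:
            if looks_like_secret(user.get(field)):
                findings.append((user.get("userPrincipalName"), field))
    return findings


# Constructed sample in the shape of `az ad user list` output; the second
# record and both display names are invented for illustration.
SAMPLE_JSON = """
[
  {"displayName": "wvusr-backupware", "officeLocation": "R3c0v3r_s3cr3ts!",
   "jobTitle": null, "userPrincipalName": "wvusr-backupware@aoc2024.onmicrosoft.com"},
  {"displayName": "Example User", "officeLocation": "Town Hall, Floor 2",
   "jobTitle": "Records Clerk", "userPrincipalName": "example-user@aoc2024.onmicrosoft.com"}
]
"""

if __name__ == "__main__":
    for upn, field in audit_users(json.loads(SAMPLE_JSON)):
        # Report the location only; never echo the suspected secret itself.
        print(f"review {field} on {upn}")
```

The heuristic is a triage aid and will produce false positives on dense location codes; any credential found this way should be rotated and the attribute cleared.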

**2. What is the group ID of the Secret Recovery Group?**

Type the following command to list the groups and note the id: `az ad group list`

```
Ans: 7d96660a-02e1-4112-9515-1762d0cb66b7
```

Since we have seen a potential set of credentials, let's jump to another user by clearing the current Azure CLI account session and logging in with the new account.

`az login -u wvusr-backupware@aoc2024.onmicrosoft.com -p R3c0v3r_s3cr3ts!`

**3. What is the name of the vault secret?**

1. Type this command to get the name of the vault: `az keyvault list`
2. Now, substitute the vault name into the command below: `az keyvault secret list --vault-name warevillesecrets`

```
Ans: aoc2024
```

**4. What are the contents of the secret stored in the vault?**

Now substitute the vault secret name into the command below to see its value:

`az keyvault secret show --vault-name warevillesecrets --name aoc2024`

```
Ans: WhereIsMyMind1999
```

