Skip to content

AZT605 - Resource Secret Reveal#

An adverary may access an Azure KeyVault in an attempt to view secrets, certificates, or keys.

ID Name Description Action Resources
.001 Storage Account Access Key Dumping By accessing a Storage Account, an adversary may dump access keys pertaining to the Storage Account, which will give them full access to the Storage Account. Microsoft.Storage/storageAccounts/listkeys/action Storage Account
.002 Automation Account Credential Secret Dump By editing a Runbook, a credential configured in an Automation Account may be revealed Microsoft.Automation/automationAccounts/runbooks/* Automation Account
.003 Resource Group Deployment History Secret Dump By accessing deployment history of a Resource Group, secrets used in the ARM template may be revealed. Microsoft.Resources/deployments/read Resource Group