AZT301 - Virtual Machine Scripting
Adversaries may abuse access to virtual machines by executing a script through various methods in order to gain access to the Virtual Machine.
ID | Name | Description | Action | Resources |
---|---|---|---|---|
AZT301.1 | RunCommand | By utilizing the 'RunCommand' feature on a Virtual Machine, an attacker can pass PowerShell commands to the VM as SYSTEM. | Microsoft.Compute/virtualMachines/runCommand/action<br>Microsoft.Compute/locations/runCommands/read | Virtual Machine |
AZT301.2 | CustomScriptExtension | By utilizing the 'CustomScriptExtension' extension on a Virtual Machine, an attacker can pass PowerShell commands to the VM as SYSTEM. | Microsoft.Compute/virtualMachines/extensions/*<br>Microsoft.Compute/virtualMachines/write | Virtual Machine |
AZT301.3 | Desired State Configuration | By utilizing the 'Desired State Configuration' extension on a Virtual Machine, an attacker can pass PowerShell commands to the VM as SYSTEM. | Microsoft.Compute/virtualMachines/extensions/*<br>Microsoft.Compute/virtualMachines/write | Virtual Machine |
AZT301.4 | Compute Gallery Application | By utilizing Compute Gallery Applications, an attacker can pass MS-DOS or PowerShell commands to the VM as SYSTEM. | Microsoft.Compute/virtualMachines/write<br>Microsoft.Compute/galleries/write<br>Microsoft.Compute/galleries/applications/write<br>Microsoft.Compute/galleries/applications/versions/write | Virtual Machine, Compute Gallery |
AZT301.5 | AKS Command Invoke | By utilizing 'command invoke' on an Azure Kubernetes Service (AKS) cluster, an attacker can pass commands to the cluster's VM as SYSTEM. | Microsoft.ContainerService/managedClusters/runcommand/action<br>Microsoft.ContainerService/managedclusters/commandResults/read | Azure Kubernetes Services |
AZT301.6 | Vmss Run Command | By utilizing the 'RunCommand' feature on a virtual machine scale set (VMSS), an attacker can execute a command on an instance of a VM as SYSTEM. | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action | Virtual Machine Scale Sets |
AZT301.7 | Serial Console | By utilizing the serial console feature on an Azure Virtual Machine, an adversary can pass arbitrary commands. | Microsoft.SerialConsole/serialPorts/connect/action | Virtual Machine |