AZT301.7 - Virtual Machine Scripting: Serial Console

By utilizing the serial console feature on an Azure Virtual Machine, an adversary can pass arbitrary commands.

Resource

Virtual Machine

Actions

Microsoft.SerialConsole/serialPorts/connect/action

Examples

Azure Portal

Detections

Detection Details

Commands are passed directly via COM1 port to the virtual machine. Logging requires boot diagnostics to be enabled.

Logs

Data Source	Operation Name	Action	Log Location
Resource	N/A	N/A	Boot Diagnostics

Additional Resources

• https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview