Skip to content

AZT405.2 - Azure AD Application: Application API Permissions#

By compromising a service principal whose application has privileged API permissions, an attacker can escalate their privileges to a higher privileged role.

Resource

Azure Active Directory

Actions

N/A

Since the attacker controls the application, no actions are needed.

Examples

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}?api-version=2021-02-01

APIPerm

Detections

Logs#

Data Source Operation Name Action Log Location
N/A N/A N/A N/A

Additional Resources

https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp