Skip to content

daddycocoaman/azbelt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
.devcontainer
.devcontainer
 
 
.github/workflows
.github/workflows
 
 
.vscode
.vscode
 
 
scripts
scripts
 
 
src
src
 
 
tools
tools
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
azbelt.nimble
azbelt.nimble
 
 
extension.json
extension.json
 
 

Repository files navigation

azbelt

Standalone DLL and sliver extension for enumerating Azure related credentials, primarily on AAD joined machines

Modules

  • aadjoin - Gets info about machine AAD status via NetGetAadJoinInformation
  • credman - Gets credentials from Credential Manager
  • env - Looks for Azure/AAD specific environment variables that may contain secrets
  • managed - Calls IMDS endpoint to get info about machine with managed identity
  • msal - Looks in various MSAL caches for tokens. Tokens are parsed to display scope and validity
  • sso - If machine is AAD joined, get signed PRT cookie
  • tbres - Gets tokens from Token Broker cache
  • all - Runs all enumeration except SSO

Building from source

A devcontainer is a provided for easy development and building. The devcontainer base definition is located here.

To build, simply:

nimble release

This will drop the DLLs into the project folder. If you want the exe for testing the DLL, you can also build the DLL runner:

nimble dllrun

You can do both at the same time:

nimble all

Special Thanks

About

AAD related enumeration in Nim

Topics

nim azure sliver credential-gathering

Resources

Readme

License

MIT license
Activity

Stars

131 stars

Watchers

3 watching

Forks

6 forks
Report repository

Releases 3

v0.3.2 Latest
Jan 25, 2023
+ 2 releases

Packages

 
 
 

Contributors

Languages