# Azure Hacking Security Blog

> Expert research on Azure hacking, Entra ID security, cloud offensive techniques, and detection strategies by Rogier Dijkman.

This site publishes original security research focused on Microsoft Azure and Entra ID. Topics include red team techniques, privilege escalation, credential access, defense impairment, and detection engineering using KQL and Microsoft Sentinel.

## Site Information

- URL: https://azurehacking.com
- Author: Rogier Dijkman
- Topics: Azure Security, Entra ID, Cloud Red Team, MITRE ATT&CK, Microsoft Sentinel, KQL Detection
- Feed: https://azurehacking.com/feed.xml
- Sitemap: https://azurehacking.com/sitemap.xml
- Full content for LLMs: https://azurehacking.com/llms-full.txt
- Structured post index (JSON): https://azurehacking.com/api/posts

## Articles

- [Deep dive Federated Identity Credentials in Microsoft Entra](https://azurehacking.com/post/deep-dive-federated-identity-credentials-in-microsoft-entra): User-assigned managed identities are designed to eliminate credential management. But the same trust model that makes them secure, federated identity credentials, can be weaponised to extract bearer tokens for any resource the identity can access. This article explains a technique that injects a temp
  Tags: Azure, Entra ID, Security
  MITRE ATT&CK: T1528, T1098.001
  Published: 2026-03-11
- [Azure Key Vault Security Deep Dive](https://azurehacking.com/post/azure-key-vault-security-deep-dive): This research investigates the security architecture of Azure Key Vault from an offensive perspective, revealing that while the cryptographic protections for data at rest are robust (HSM-backed keys, FIPS 140-2 Level 2/3), the access control layer presents multiple exploitation opportunities that at
  Tags: Azure, Security, Key Vault
  MITRE ATT&CK: T1552.001, T1555
  Published: 2026-03-02
- [Azure Tenant Takeover: From Exposed Config to Global Admin](https://azurehacking.com/post/azure-tenant-takeover-from-exposed-config-to-global-admin): A soft-deleted file in a public blob container, still retrievable through versioning, leaks a SAS token that exposes an entire file share, ultimately cascading into a complete Azure tenant takeover through managed identity abuse, federated credential injection, and Graph API self-escalation.
  Tags: Azure, Security, Entra ID, Defense
  MITRE ATT&CK: T1530, T1528, T1098.001, T1078.004
  Published: 2026-02-23
- [Federated Identity Credential Injection — Proof of Concept](https://azurehacking.com/post/federated-identity-credential-injection-proof-of-concept): Proof-of-concept: extract Microsoft Graph tokens from managed identities via federated identity credential injection with Contributor access alone.
  Tags: Azure, Security, Entra ID, Credential Access, Red Team
  MITRE ATT&CK: T1528
  Published: 2026-02-17
- [Getting Started with the BlackCat PowerShell Module](https://azurehacking.com/post/blackcat-module-getting-started): BlackCat is an open-source PowerShell module for Azure security assessments that maps its 65+ functions to the MITRE ATT&CK framework — covering reconnaissance, discovery, credential access, persistence, exfiltration, and defense impairment across Microsoft Azure and Entra ID environments.
  Tags: Azure, Red Team, Security, PowerShell, Entra ID
  Published: 2026-02-10
- [Impairing Azure Defenses Through Diagnostic Setting Manipulation](https://azurehacking.com/post/impairing-azure-defenses-through-diagnostic-setting-manipulation): Azure diagnostic settings are the single control point between resource telemetry and your SIEM. This article explains how attackers exploit that dependency — disabling security logs at the source while keeping metrics flowing — to blind detection pipelines without triggering operational alerts. C
  Tags: Azure, Security, Logging
  MITRE ATT&CK: T1562.008
  Published: 2026-02-07
- [Azure Functions Key Encryption: A Deep Dive into Security Mechanisms and Vulnerabilities](https://azurehacking.com/post/azure-functions-key-encryption-a-deep-dive-into-security-mechanisms-and-vulnerabilities): This research investigates the security mechanisms protecting Azure Functions authentication keys, revealing both robust encryption implementations and critical bypass vulnerabilities. Our findings demonstrate that while Microsoft's Data Protection implementation provides strong cryptographic protec
  Tags: Azure, Security, Red Team
  Published: 2026-01-26
- [Introducing ScEntra an advanced permission visualizer](https://azurehacking.com/post/introducing-scentra-an-advanced-permission-visualizer): ScEntra is a PowerShell-based security analysis tool that maps privilege escalation paths in Microsoft Entra ID by analysing role assignments, PIM configurations, and transitive group memberships — then renders the results as an interactive, encrypted HTML report.
  Tags: Azure, Security, Identity, PowerShell
  Published: 2025-12-09

## Optional

- License: All rights reserved. Content may be cited with attribution.
- Contact: https://azurehacking.com/about.html