Azure API Connections: A Red Team Deep Dive
By Rogier Dijkman — 7 min read
Topics: Azure, red-team, api-connections, logic-apps, credential-access
MITRE ATT&CK: T1528, T1530
Azure API Connections are silently stored bearer tokens, service principal secrets, and OAuth refresh tokens that sit in plain-ARM sight, and any attacker with Microsoft.Web/connections/listConnectionKeys/action or dynamicInvoke/action can use them to act as the connected user or workload.
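One way a defender can find which role definitions grant the two actions named above, as an added example that is not the author's code: it evaluates role definitions shaped like `az role definition list` output (an assumption about the input), honouring wildcards and notActions. The full `Microsoft.Web/connections/dynamicInvoke/action` path is spelled out, and the sample roles and their names are constructed.

```python
import re

# The two actions named above; the dynamicInvoke path is written in full.
SENSITIVE_ACTIONS = (
    "Microsoft.Web/connections/listConnectionKeys/action",
    "Microsoft.Web/connections/dynamicInvoke/action",
)

def action_matches(pattern: str, action: str) -> bool:
    """Azure RBAC patterns: '*' matches any run of characters, case-insensitively."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def granted_sensitive_actions(role: dict) -> list[str]:
    """Return the sensitive actions a role definition effectively grants.

    Each permission block grants (actions minus notActions); blocks are unioned.
    """
    granted = set()
    for block in role.get("permissions", []):
        allow = block.get("actions") or []
        deny = block.get("notActions") or []
        for action in SENSITIVE_ACTIONS:
            allowed = any(action_matches(p, action) for p in allow)
            excluded = any(action_matches(p, action) for p in deny)
            if allowed and not excluded:
                granted.add(action)
    return sorted(granted)

def audit(roles: list[dict]) -> dict[str, list[str]]:
    """Map role name -> sensitive actions, for roles that grant at least one."""
    return {r["roleName"]: hits for r in roles if (hits := granted_sensitive_actions(r))}

# Constructed sample role definitions (hypothetical names), not real tenant data.
SAMPLE_ROLES = [
    {"roleName": "sample-broad-contributor",
     "permissions": [{"actions": ["*"], "notActions": ["Microsoft.Authorization/*/Delete"]}]},
    {"roleName": "sample-connection-operator",
     "permissions": [{"actions": ["microsoft.web/connections/*"],
                      "notActions": ["Microsoft.Web/connections/listConnectionKeys/action"]}]},
    {"roleName": "sample-reader",
     "permissions": [{"actions": ["*/read"], "notActions": []}]},
]

if __name__ == "__main__":
    for name, hits in audit(SAMPLE_ROLES).items():
        print(f"{name}: {', '.join(hits)}")
```

This inspects role definitions only; who holds a flagged role, and at which scope, comes from the role assignments.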