Please go to BloodHound after gathering information with AzureHound.
Custom queries for finding interesting stuff https://hausec.com/2020/11/23/azurehound-cypher-cheatsheet/.
Install PowerShell Azure Module Install-Module -Name Az
Import the .ps1
. .\AzureHound.ps1
Connect to AzureAD.
Connect-AZAccount
Run AzureHound
Invoke-AzureHound -Install
PS C:\Users\ops > . .\AzureHound.ps1
PS C:\Users\ops > Connect-AZAccount
Account SubscriptionName TenantId Environment
------- ---------------- -------- -----------
[email protected] example-prd 1cd4303[...]2d6530b AzureCloud
PS C:\Users\ops > Invoke-AzureHound -Install
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from 'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): A
[...]
Writing JSON chunk 1/1
Done processing application to service principal relations
Processing Application Admins
Writing output for applicationadmins
Chunking output in 250 item sections
Done processing Application Admins
Processing Cloud Application Admins
Writing output for cloudappadmins
Chunking output in 250 item sections
Done processing Cloud Application Admins
Compressing files
Zip file created: C:\Users\ops\2021112345634-azurecollection.zip
Done! Drag and drop the zip into the BloodHound GUI to import data.
Account Environment TenantId TenantDomain AccountType
------- ----------- -------- ------------ -----------
[email protected] AzureCloud 1cd4303[...]2d6530 1cd4303[...]2d6530 AccessToken