DEV Community

Eng Soon Cheah

Azure Security Audit Tool - SkyArk

SkyArk is a security audit tool for Azure and AWS. It helps researchers discover, evaluate and protect privileged entities in Azure and AWS. Essentially, SkyArk is a cloud security project.
The tool contains two main scanning modules:

  1. AzureStealth - Scans Azure environments
  2. AWStealth - Scans AWS environments

These two scanning modules help us discover privileged entities in the target AWS and Azure environments.

SkyArk currently focuses on mitigating security threats to the cloud environment and helping organizations discover, evaluate and protect cloud privileged entities. Secret cloud management credentials may be stored in various places on public cloud platforms, and SkyArk can help administrators reduce the security risks their AWS and Azure environments face.

During security defense, penetration testing, and risk assessment, we need to ensure that security risks are resolved and verify that privileged entities are sufficiently secure. SkyArk was created for this purpose.

Details

SkyArk uses the scan results to help organizations find the entities with the most sensitive and dangerous permissions in their resources, including users, groups, and roles.

We also encourage organizations to scan their environments regularly and ensure that the scan results are not too biased. Attackers look for these user roles, and defenders must ensure that these privileged users are safe. We cannot protect what we cannot see and do not know about, and SkyArk helps with this complex task.

AzureStealth Scan

Discover the most privileged users in the scanned Azure environment - including the Azure Shadow Admins.

How To Run AzureStealth

The full details are in the AzureStealth README file:

https://github.com/cyberark/SkyArk/blob/master/AzureStealth/README.md

In short:

  1. Download/sync locally the SkyArk project
  2. Open PowerShell in the SkyArk folder with the permission to run scripts: "powershell -ExecutionPolicy Bypass -NoProfile"
  3. Run the following commands:
      Import-Module .\SkyArk.ps1 -force
      Start-AzureStealth

AzureStealth needs only Read-Only permissions over the scanned Azure Directory (Tenant) and Subscription.
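
Read-only access suffices for this kind of review because role assignments and role definitions can be listed without changing anything. The following added example is not SkyArk's code or its detection logic: it flags principals whose role permits `Microsoft.Authorization/roleAssignments/write`, using constructed sample data (the `contoso.example` accounts, the `Helpdesk-Custom` role and the "shadow admin candidate" criterion are all assumptions made for illustration).

```powershell
# Added example, not SkyArk code. Sample data is constructed and trimmed; the object
# shapes mirror Get-AzRoleDefinition / Get-AzRoleAssignment output (Az PowerShell module).
$roleDefinitions = @(
    [pscustomobject]@{ Name = 'Owner';           Actions = @('*');      NotActions = @() }
    [pscustomobject]@{ Name = 'Contributor';     Actions = @('*');      NotActions = @('Microsoft.Authorization/*/Write', 'Microsoft.Authorization/*/Delete') }
    [pscustomobject]@{ Name = 'Reader';          Actions = @('*/read'); NotActions = @() }
    [pscustomobject]@{ Name = 'Helpdesk-Custom'; Actions = @('Microsoft.Authorization/roleAssignments/*'); NotActions = @() }
)
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'   # placeholder subscription ID
$roleAssignments = @(
    [pscustomobject]@{ SignInName = 'alice@contoso.example'; RoleDefinitionName = 'Owner';           Scope = $sub }
    [pscustomobject]@{ SignInName = 'bob@contoso.example';   RoleDefinitionName = 'Contributor';     Scope = $sub }
    [pscustomobject]@{ SignInName = 'carol@contoso.example'; RoleDefinitionName = 'Reader';          Scope = "$sub/resourceGroups/rg-app" }
    [pscustomobject]@{ SignInName = 'dave@contoso.example';  RoleDefinitionName = 'Helpdesk-Custom'; Scope = $sub }
)

# Azure RBAC: a role permits an operation when an Actions pattern matches it
# and no NotActions pattern does. Patterns use '*' wildcards, so -like fits.
function Test-CanGrantAccess {
    param([Parameter(Mandatory)] $RoleDefinition)
    $op      = 'Microsoft.Authorization/roleAssignments/write'
    $allowed = @($RoleDefinition.Actions    | Where-Object { $op -like $_ }).Count -gt 0
    $denied  = @($RoleDefinition.NotActions | Where-Object { $op -like $_ }).Count -gt 0
    $allowed -and -not $denied
}

function Get-PrivilegedAssignment {
    param([Parameter(Mandatory)] $Assignments, [Parameter(Mandatory)] $Definitions)
    $wellKnown = 'Owner', 'User Access Administrator'
    foreach ($a in $Assignments) {
        $def = $Definitions | Where-Object Name -eq $a.RoleDefinitionName | Select-Object -First 1
        if ($null -eq $def -or -not (Test-CanGrantAccess $def)) { continue }
        [pscustomobject]@{
            Principal = $a.SignInName
            Role      = $a.RoleDefinitionName
            Scope     = $a.Scope
            # Assumed working definition: grant rights without a well-known admin role name
            Finding   = if ($a.RoleDefinitionName -in $wellKnown) { 'Named admin role' } else { 'Shadow admin candidate' }
        }
    }
}

Get-PrivilegedAssignment -Assignments $roleAssignments -Definitions $roleDefinitions | Format-Table -AutoSize
# Against a live tenant with read-only access, swap the samples for:
#   $roleDefinitions = Get-AzRoleDefinition;  $roleAssignments = Get-AzRoleAssignment
```

The Contributor assignment is not reported because its `NotActions` exclude writes under `Microsoft.Authorization`, while the custom role is reported even though its name does not suggest administrative rights.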

You can also run the scan easily from within the Azure Portal by using the built-in CloudShell:

    IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cyberark/SkyArk/master/AzureStealth/AzureStealth.ps1')
    Scan-AzureAdmins

AzureStealth DEMO:
