
Azure Hacking: New Cloudfoxable Challenges


TL;DR Cloudfoxable now includes Azure challenges. You can deploy them into your own environment and work through realistic misconfigurations and privilege escalation paths. The goal is the same as before: hands-on practice that reflects how cloud environments actually break.


Introduction

In 2023, Bishop Fox introduced Cloudfoxable, an intentionally vulnerable environment that you deploy into your own playground AWS account. It was designed as a hands-on way to learn cloud security by working through realistic misconfigurations and privilege escalation paths.

There are no guardrails beyond the challenge descriptions. You’re expected to explore, make mistakes, and figure things out as you go. That’s intentional. The goal isn’t just to run tools but to understand how cloud environments actually break.

Since its release, 1,350 users have tried to solve the Cloudfoxable challenges, but only 17 have solved every challenge so far.

The gamified sandbox has proven to be a popular training tool for learning AWS security concepts, exploring common misconfigurations, and understanding real-world privilege escalation paths in a safe, hands-on way.

While AWS remains one of the most popular cloud providers, it certainly isn’t the only one. From the beginning, the vision for Cloudfoxable was to become a learning platform for all of the major cloud providers, reflecting the diverse environments security professionals encounter in practice. To that end, we’re excited to introduce the first set of challenges for Azure!

Why Azure, and Why Now

AWS still dominates a lot of cloud security conversations, but most environments we see in the real world aren’t single cloud. Azure shows up often, especially in enterprise environments, and it comes with its own set of quirks.

From an attacker’s perspective, Azure tends to be more identity-driven. Instead of focusing only on compute and storage misconfigurations, you end up reasoning about relationships between users, service principals, managed identities, and role assignments. The individual pieces are usually straightforward. The challenge is understanding how they connect.

That’s where hands-on practice helps. Reading about Azure RBAC or Entra ID is one thing. Tracing a privilege escalation path across multiple identities and resources is another.

The Azure challenges are meant to bridge that gap.
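The identity-graph reasoning described above (user to resource to managed identity to service principal to role assignment), as an added example that is not part of Cloudfoxable, CloudFox, or any of the Azure challenges: a small Python script that turns role-assignment records shaped like `az role assignment list --all -o json` output into a graph and searches for a path from a starting identity to any principal holding a target role at a target scope. The subscription ID, resource IDs, principal names, the role assignments, the set of "control" roles, and the mapping of which identities a resource exposes to whoever controls it are all constructed and hypothetical; in a real assessment that second mapping comes from checking VM identities and vault contents yourself.

```python
"""Trace principal -> controlled resource -> attached identity chains from Azure RBAC data.

Example code written for this post, not Cloudfoxable's own tooling. All data below is constructed.
"""
from collections import deque

# Roles treated here as letting the holder run code on, or read credentials from,
# resources in scope, and therefore act as any identity attached to those resources.
# This is a deliberate simplification for the example (hypothetical assumption);
# real abuse paths depend on the resource type and the data-plane permissions.
CONTROL_ROLES = {"Owner", "Contributor", "Virtual Machine Contributor",
                 "Key Vault Secrets User"}

# Hypothetical subscription and resource IDs.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM = SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm-web"
KV = SUB + "/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-app"

# Constructed sample in the shape of `az role assignment list --all -o json`
# (only the fields read below are included).
ROLE_ASSIGNMENTS = [
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Virtual Machine Contributor", "scope": VM},
    {"principalName": "vm-web-identity", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Secrets User", "scope": KV},
    {"principalName": "sp-deploy", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
]

# Constructed: which identities a resource exposes to whoever controls it
# (the VM's system-assigned managed identity; a service principal whose client
# secret is stored in the vault). You would gather this yourself in practice.
IDENTITIES_REACHABLE_FROM = {
    VM: ["vm-web-identity"],
    KV: ["sp-deploy"],
}


def in_scope(assignment_scope, resource_id):
    """True when a role assigned at assignment_scope applies to resource_id.
    Azure RBAC assignments inherit down the scope hierarchy."""
    return resource_id == assignment_scope or resource_id.startswith(assignment_scope + "/")


def holders_of(role, scope, assignments):
    """Principals whose assignment of `role` covers `scope`."""
    return {a["principalName"] for a in assignments
            if a["roleDefinitionName"] == role and in_scope(a["scope"], scope)}


def find_escalation_path(start, target_role, target_scope, assignments, reachable):
    """Breadth-first search from `start` over two edge types:
    principal --(control role)--> resource, resource --(attached)--> identity.
    Returns a list of (identity, how_reached) steps, or None if no path exists."""
    goal = holders_of(target_role, target_scope, assignments)
    queue = deque([(start, [(start, "starting identity")])])
    seen = {start}
    while queue:
        principal, path = queue.popleft()
        if principal in goal:
            return path
        for a in assignments:
            if a["principalName"] != principal or a["roleDefinitionName"] not in CONTROL_ROLES:
                continue
            for resource, identities in reachable.items():
                if not in_scope(a["scope"], resource):
                    continue
                for ident in identities:
                    if ident in seen:
                        continue
                    seen.add(ident)
                    how = f'{a["roleDefinitionName"]} on {resource.rsplit("/", 1)[-1]} -> acts as {ident}'
                    queue.append((ident, path + [(ident, how)]))
    return None


if __name__ == "__main__":
    for user in ("alice@example.com", "bob@example.com"):
        path = find_escalation_path(user, "Owner", SUB, ROLE_ASSIGNMENTS, IDENTITIES_REACHABLE_FROM)
        if path is None:
            print(f"{user}: no path to Owner on subscription")
            continue
        print(f"{user}: path to Owner on subscription")
        for ident, how in path:
            print(f"  {ident:<22} {how}")
```

With the constructed data, alice reaches Owner in two hops (VM Contributor on vm-web lets her act as the VM's managed identity, whose Key Vault role exposes sp-deploy's credential), while bob's Reader role yields no path. The point is the one the paragraph makes: none of the individual assignments looks alarming on its own, and the escalation only appears once the edges between identities and resources are joined.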

Getting Started

Getting started follows the same basic flow as the AWS version.

Download Cloudfoxable, then head to the challenges page and look for the Azure section. The “First Azure Flag” challenge walks through deploying the required resources into your own Azure subscription.

Deployment is handled with Terraform and takes a few minutes. Once it completes, you’ll have a small but intentionally misconfigured environment and everything you need to begin exploring – and breaking – it.

If you’ve worked through the AWS challenges before, the process should feel familiar. If not, this is a good place to start.

Where Tooling Stands Today

Our initial release includes seven challenges for Azure as a starting point. The plan is to expand the Azure track with more complex scenarios and deeper privilege escalation paths over time.

Tooling is another area where AWS currently has the edge. While CloudFox does include some Azure support, its AWS capabilities are still more mature. That gap is already closing: Joseph Barcia recently contributed significant improvements for GCP support, and Azure enhancements are high on our roadmap as well.

In the meantime, these new challenges are intentionally designed to encourage exploration beyond CloudFox alone. You’ll likely need to leverage additional tools, techniques, and creativity to solve them, just like in real-world scenarios.

Who This Is For

The Azure challenges are useful if you:

  • Test cloud environments and want hands-on Azure scenarios
  • Primarily work in AWS and want to understand how Azure differs
  • Defend Azure environments and want to think through attacker paths
  • Prefer learning by doing instead of reading documentation

You don’t need deep Azure experience to start, but you should be comfortable navigating a cloud environment and experimenting a bit.

Additional Resources

Want more Azure tools? We recommend checking out:

  • Cirro: Focuses on mapping management plane permissions while enriching them with configuration context and data plane visibility to show how access can be used in practice.
  • ROADTools: A framework to interact with Azure AD. It consists of a library (roadlib) with common components, the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool.
  • PowerZure: Assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can both perform reconnaissance and exploitation of Azure, EntraID, and the associated resources.

By Gerben Kleijn

Managing Security Consultant

Gerben Kleijn (OSWE, CISSP) is a Managing Security Consultant for Bishop Fox, where he oversees a team of penetration testers. His focus areas include cloud penetration tests, external network penetration tests, and web application assessments as well as cloud deployment reviews for Amazon Web Services (AWS). He has advised Fortune 500 brands and startups in industries such as media, retail, and software in addition to popular websites, credit reporting agencies, and marketing platforms.