GITBOOK-714: No subject

SUMMARY.md

@@ -399,6 +399,7 @@
     * [Az - Device Code Authentication Phishing](pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-device-code-authentication-phishing.md)
     * [Az - Password Spraying](pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-password-spraying.md)
   * [Az - Services](pentesting-cloud/azure-security/az-services/README.md)
+    * [Az - Entra ID (formerly AzureAD - AAD)](pentesting-cloud/azure-security/az-services/az-azuread.md)
     * [Az - Management Groups, Subscriptions & Resource Groups](pentesting-cloud/azure-security/az-services/az-management-groups-subscriptions-and-resource-groups.md)
     * [Az - ACR](pentesting-cloud/azure-security/az-services/az-acr.md)
     * [Az - Application Proxy](pentesting-cloud/azure-security/az-services/az-application-proxy.md)
@@ -440,14 +441,14 @@
     * [Az - Blob Storage Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-blob-storage-post-exploitation.md)
   * [Az - Privilege Escalation](pentesting-cloud/azure-security/az-privilege-escalation/README.md)
     * [Az - Authorization Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-authorization-privesc.md)
+    * [Az - EntraID Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/README.md)
+      * [Az - Conditional Access Policies & MFA Bypass](pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/az-conditional-access-policies-mfa-bypass.md)
+      * [Az - Dynamic Groups Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/dynamic-groups.md)
     * [Az - Storage Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-storage-privesc.md)
     * [Az - Key Vault Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-key-vault-privesc.md)
   * [Az - Persistence](pentesting-cloud/azure-security/az-persistence/README.md)
     * [Az - Storage Persistence](pentesting-cloud/azure-security/az-persistence/az-storage-persistence.md)
   * [Az - Device Registration](pentesting-cloud/azure-security/az-device-registration.md)
-  * [Az - Entra ID (formerly AzureAD - AAD)](pentesting-cloud/azure-security/az-azuread/README.md)
-    * [Az - Conditional Access Policies & MFA Bypass](pentesting-cloud/azure-security/az-azuread/az-conditional-access-policies-mfa-bypass.md)
-    * [Az - Dynamic Groups Privesc](pentesting-cloud/azure-security/az-azuread/dynamic-groups.md)
 * [Digital Ocean Pentesting](pentesting-cloud/digital-ocean-pentesting/README.md)
   * [DO - Basic Information](pentesting-cloud/digital-ocean-pentesting/do-basic-information.md)
   * [DO - Permissions for a Pentest](pentesting-cloud/digital-ocean-pentesting/do-permissions-for-a-pentest.md)

pentesting-cloud/azure-security/README.md

@@ -88,7 +88,7 @@ After bypassing it, you might be able to get back to your initial setup and you
 ### Whoami
 
 {% hint style="danger" %}
-Learn **how to install** az cli, AzureAD and Az PowerShell in the [**Az - Entra ID**](az-azuread/) section.
+Learn **how to install** az cli, AzureAD and Az PowerShell in the [**Az - Entra ID**](az-services/az-azuread.md) section.
 {% endhint %}
 
 One of the first things you need to know is **who you are** (in which environment you are):
@@ -144,8 +144,8 @@ You can get the same info in the **web console** going to [https://portal.azure.
 By default, any user should have **enough permissions to enumerate** things such us, users, groups, roles, service principals... (check [default AzureAD permissions](az-basic-information/#default-user-permissions)).\
 You can find here a guide:
 
-{% content-ref url="az-azuread/" %}
-[az-azuread](az-azuread/)
+{% content-ref url="az-services/az-azuread.md" %}
+[az-azuread.md](az-services/az-azuread.md)
 {% endcontent-ref %}
 
 {% hint style="info" %}

pentesting-cloud/azure-security/az-basic-information/README.md

@@ -17,7 +17,7 @@ Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2).png"
 
 ## Organization Hierarchy
 
-<figure><img src="https://lh7-rt.googleusercontent.com/slidesz/AGV_vUchBvhjIdWWR2ldAkWiZMdmrcEYD9Ti5UAa3zAGr9YbAnx4Q_gZNp_zvOU429vgWZ_ixoYHQKdC8bGgkhWYCy591SRIFj6RKCj4BEpVQixAGsp3T3O5sS3k7x5CTaJ-SCBNC7i5KluLyxdiXoZsH1F0ko1Gv88=s2048?key=gSyKQr3HTyhvHa28Rf7LVA" alt=""><figcaption></figcaption></figure>
+<figure><img src="https://lh7-rt.googleusercontent.com/slidesz/AGV_vUcVrh1BpuQXN7RzGqoxrn-4Nm_sjdJU-dDTvshloB7UMQnN1mtH9N94zNiPCzOYAqE9EsJqlboZOj47tQsQktjxszpKvIDPZLs9rgyiObcZCvl7N0ZWztshR0ZddyBYZIAwPIkrEQ=s2048?key=l3Eei079oPmVJuh8lxQYxxrB" alt=""><figcaption><p><a href="https://www.tunecom.be/stg_ba12f/wp-content/uploads/2020/01/VDC-Governance-ManagementGroups-1536x716.png">https://www.tunecom.be/stg_ba12f/wp-content/uploads/2020/01/VDC-Governance-ManagementGroups-1536x716.png</a></p></figcaption></figure>
 
 ### Management Groups
 
@@ -390,14 +390,6 @@ However, in some cases you might want to provide **more fined-grained access man
 Azure **ABAC** (attribute-based access control) builds on Azure RBAC by adding **role assignment conditions based on attributes** in the context of specific actions. A _role assignment condition_ is an **additional check that you can optionally add to your role assignment** to provide more fine-grained access control. A condition filters down permissions granted as a part of the role definition and role assignment. For example, you can **add a condition that requires an object to have a specific tag to read the object**.\
 You **cannot** explicitly **deny** **access** to specific resources **using conditions**.
 
-### Privileged Identity Management (PIM)
-
-Privileged Identity Management (PIM) in Azure is a tool that **manages, controls, and monitors privileged access** in Azure Active Directory and Azure. It enhances security by providing **just-in-time and time-limited privileged access**, **enforcing approval workflows, and requiring additional authentication**. This approach minimizes the risk of unauthorized access by ensuring that elevated permissions are granted only when necessary and for a specific duration.
-
-##
-
-
-
 ## References
 
 * [https://learn.microsoft.com/en-us/azure/governance/management-groups/overview](https://learn.microsoft.com/en-us/azure/governance/management-groups/overview)