detecting-azure-storage-account-misconfigurations


Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing encryption at rest, disabled HTTPS-only traffic, and outdated TLS versions using the azure-mgmt-storage Python SDK.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


Skill Content

# Detecting Azure Storage Account Misconfigurations

## Overview

Azure Storage accounts are a frequent target for attackers due to misconfigured public access, long-lived SAS tokens, missing encryption, and outdated TLS versions. This skill uses the azure-mgmt-storage Python SDK with StorageManagementClient to enumerate all storage accounts in a subscription, inspect their security properties, list blob containers for public access settings, and generate a risk-scored audit report identifying critical misconfigurations.

## When to Use

- When investigating security incidents that require detecting Azure storage account misconfigurations
- When building detection rules or threat hunting queries for this domain
- When SOC analysts need structured procedures for this analysis type
- When validating security monitoring coverage for related attack techniques

## Prerequisites

- Python 3.9+ with `azure-mgmt-storage`, `azure-identity`
- Azure service principal with Reader role on target subscription
- Environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID

## Key Detection Areas

1. **Public blob access** — `allow_blob_public_access` enabled on storage account or individual containers set to Blob/Container access level
2. **HTTPS enforcement** — `enable_https_traffic_only` disabled, allowing unencrypted HTTP traffic
3. **Minimum TLS version** — accounts accepting TLS 1.0 or TLS 1.1 instead of minimum TLS 1.2
4. **Encryption at rest** ...
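The first three detection areas above, expressed as an offline scoring function. This is an added example, not code from the skill's repository: the weights, the score cap, the function names and the sample accounts are assumptions, while the attribute names follow the azure-mgmt-storage models.

```python
from types import SimpleNamespace as NS

# Weights are assumptions of this example, not the skill's own scoring.
WEIGHTS = {"account_public_access": 40, "container_public": 40,
           "http_allowed": 25, "weak_tls": 20}
# Tuples, not sets: SDK enum members compare equal to these strings
# but do not hash like them.
WEAK_TLS = ("TLS1_0", "TLS1_1")
PUBLIC_LEVELS = ("Blob", "Container")


def audit_account(account, containers=()):
    """Return (score, findings) for one storage account.

    `account` and `containers` only need the attributes read below,
    so SDK model objects and the constructed samples both work.
    """
    findings = []
    # Unset (None) is flagged too: a conservative assumption of this example.
    if account.allow_blob_public_access is not False:
        findings.append(("account_public_access", account.name))
    if account.enable_https_traffic_only is False:
        findings.append(("http_allowed", account.name))
    if account.minimum_tls_version in WEAK_TLS:
        findings.append(("weak_tls", account.minimum_tls_version))
    for c in containers:
        if c.public_access in PUBLIC_LEVELS:
            findings.append(("container_public", f"{c.name}={c.public_access}"))
    score = min(100, sum(WEIGHTS[check] for check, _ in findings))
    return score, findings


def build_report(inventory):
    """Rank (account, containers) pairs by descending risk score."""
    rows = [(acct.name, *audit_account(acct, ctrs)) for acct, ctrs in inventory]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample inventory (not real accounts).
SAMPLE = [
    (NS(name="sthardened01", allow_blob_public_access=False,
        enable_https_traffic_only=True, minimum_tls_version="TLS1_2"),
     [NS(name="data", public_access=None)]),
    (NS(name="stlegacy01", allow_blob_public_access=True,
        enable_https_traffic_only=False, minimum_tls_version="TLS1_0"),
     [NS(name="exports", public_access="Container"),
      NS(name="logs", public_access="None")]),
]
```

Against a live subscription, the same function can be fed the objects returned by `StorageManagementClient.storage_accounts.list()` and `blob_containers.list(resource_group, account_name)`.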

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0
