From 30236714f5a0000b9defe3ef7306599874f6a64f Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 11 Feb 2025 17:56:10 +0100 Subject: [PATCH] f --- .../az-privilege-escalation/az-key-vault-privesc.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-key-vault-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-key-vault-privesc.md index 3681e6ae4..bfbad562f 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-key-vault-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-key-vault-privesc.md @@ -31,6 +31,19 @@ az keyvault set-policy \ --storage-permissions all ``` +### Modify Network Restrictions + +It might be possible tthat you have enough permissions th access sensitive data (like the value of a secret) but you can't access it because the key vault is restricted to a specific network. If you have the permission to modify the network restrictions you can add your IP to the list of allowed IPs. + +```bash +# Get the current network restrictions +az keyvault network-rule list --name + +# Add your IP to the list +az keyvault network-rule add --name --ip-address +``` + + {{#include ../../../banners/hacktricks-training.md}}
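Review bot: in the bash block of the new "Modify Network Restrictions" section, both commands pass `--name` with no value and `--ip-address` has no argument, so neither can be run as written; add explicit placeholders, for example `--name <vault-name>` and `--ip-address <your-ip>`. The introductory sentence has two typos ("tthat" and "th access"). It also refers to "the permission to modify the network restrictions" without naming it, so a reader cannot tell which permission to check for; state the permission name there. The subject line "f" does not describe the change; a subject that mentions the new Key Vault network-restrictions section would make the history searchable.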