diff --git a/src/pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-container-registry-unauth.md b/src/pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-container-registry-unauth.md
new file mode 100644
index 000000000..585ca46ac
--- /dev/null
+++ b/src/pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-container-registry-unauth.md
@@ -0,0 +1,22 @@
+# Az - Container Registry Unauth
+
+{{#include ../../../banners/hacktricks-training.md}}
+
+## Container Registry Unauth
+
+有关容器注册表的更多信息，请查看：
+
+{{#ref}}
+../az-services/az-container-registry.md
+{{#endref}}
+
+### 匿名拉取访问
+
+可以**允许对注册表内图像的匿名拉取访问**。
+```bash
+# Authorize anonymous pulls
+az acr update --name <registry-name> --anonymous-pull-enabled true
+```
+然后，**任何知道注册表名称的人**都可以从`<registry-name>.azurecr.io`拉取镜像。
+
+{{#include ../../../banners/hacktricks-training.md}}