Update az-azure-network.md

This commit is contained in:
Jaime Polop
2024-12-13 01:32:10 +01:00
committed by GitHub
parent 87c89d2f25
commit 509183b030


@@ -37,6 +37,8 @@ By default all subnets within the same Azure Virtual Network (VNet) **can commun
To list all the VNets and subnets in an Azure account, you can use the Azure Command-Line Interface (CLI). Here are the steps:
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List VNets
@@ -46,6 +48,21 @@ az network vnet list --query "[].{name:name, location:location, addressSpace:add
az network vnet subnet list --resource-group <ResourceGroupName> --vnet-name <VNetName> --query "[].{name:name, addressPrefix:addressPrefix}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List VNets
Get-AzVirtualNetwork | Select-Object Name, Location, @{Name="AddressSpace"; Expression={$_.AddressSpace.AddressPrefixes}}
# List subnets of a VNet
Get-AzVirtualNetwork -ResourceGroupName <ResourceGroupName> -Name <VNetName> |
Select-Object -ExpandProperty Subnets |
Select-Object Name, AddressPrefix
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Network Security Groups (NSG)
@@ -60,6 +77,8 @@ NSGs can be associated to **subnets and NICs.**
### Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List NSGs
@@ -73,7 +92,23 @@ az network nsg rule list --nsg-name <NSGName> --resource-group <ResourceGroupNam
az network nsg show --name MyLowCostVM-nsg --resource-group Resource_Group_1 --query "{subnets: subnets, networkInterfaces: networkInterfaces}"
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List NSGs
Get-AzNetworkSecurityGroup | Select-Object Name, Location
Get-AzNetworkSecurityGroup -Name <NSGName> -ResourceGroupName <ResourceGroupName>
# Get NSG rules
(Get-AzNetworkSecurityGroup -ResourceGroupName <NSGName> -Name <ResourceGroupName>).SecurityRules
# Get NICs and subnets using this NSG
(Get-AzNetworkSecurityGroup -Name <NSGName> -ResourceGroupName <ResourceGroupName>).Subnets
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Firewall
Azure Firewall is a **managed network security service** in Azure that protects cloud resources by inspecting and controlling traffic. It is a **stateful firewall** that filters traffic based on rules for Layers 3 to 7, supporting communication both **within Azure** (east-west traffic) and **to/from external networks** (north-south traffic). Deployed at the **Virtual Network (VNet) level**, it provides centralized protection for all subnets in the VNet. Azure Firewall automatically scales to handle traffic demands and ensures high availability without requiring manual setup.
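Review bot: the placeholders on the "Get NSG rules" line are swapped: `(Get-AzNetworkSecurityGroup -ResourceGroupName <NSGName> -Name <ResourceGroupName>).SecurityRules` passes the NSG name as the resource group and the resource group as the NSG name, unlike the line directly above it; it should read `-ResourceGroupName <ResourceGroupName> -Name <NSGName>`. Two smaller points in the same tab: the comment "Get NICs and subnets using this NSG" is only backed by `.Subnets`, so add `.NetworkInterfaces` to match the `networkInterfaces` field the CLI query on the left returns; and `.SecurityRules` holds only the custom rules, so `.DefaultSecurityRules` is needed to see the built-in allow/deny rules that decide whatever the custom rules do not cover.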
@@ -92,6 +127,8 @@ It is available in three SKUs—**Basic**, **Standard**, and **Premium**, each t
### Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List Azure Firewalls
@@ -107,6 +144,25 @@ az network firewall application-rule collection list --firewall-name <FirewallNa
az network firewall nat-rule collection list --firewall-name <FirewallName> --resource-group <ResourceGroupName> --query "[].{name:name, rules:rules}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List Azure Firewalls
Get-AzFirewall
# Get network rules of a firewall
(Get-AzFirewall -Name <FirewallName> -ResourceGroupName <ResourceGroupName>).NetworkRuleCollections
# Get application rules of a firewall
(Get-AzFirewall -Name <FirewallName> -ResourceGroupName <ResourceGroupName>).ApplicationRuleCollections
# Get nat rules of a firewall
(Get-AzFirewall -Name <FirewallName> -ResourceGroupName <ResourceGroupName>).NatRuleCollections
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Route Tables
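Review bot: the three `(Get-AzFirewall ...).*RuleCollections` lines only cover classic rules defined directly on the firewall; a firewall attached to a Firewall Policy (the usual setup for the Standard and Premium SKUs this section describes) has empty classic collections and its rules live in the policy, so the tab should also show `Get-AzFirewallPolicy` and `Get-AzFirewallPolicyRuleCollectionGroup -ResourceGroupName <ResourceGroupName> -AzureFirewallPolicyName <PolicyName>` (CLI equivalent: `az network firewall policy rule-collection-group list`). Minor: capitalize "nat" as "NAT" in the last comment to match the other comments.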
@@ -116,6 +172,8 @@ Azure **Route Tables** are used to control the routing of network traffic within
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List Route Tables
@@ -125,7 +183,19 @@ az network route-table list --query "[].{name:name, resourceGroup:resourceGroup,
az network route-table route list --route-table-name <RouteTableName> --resource-group <ResourceGroupName> --query "[].{name:name, addressPrefix:addressPrefix, nextHopType:nextHopType, nextHopIpAddress:nextHopIpAddress}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List Route Tables
Get-AzRouteTable
# List routes for a table
(Get-AzRouteTable -Name <RouteTableName> -ResourceGroupName <ResourceGroupName>).Routes
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Private Link
Azure Private Link is a service in Azure that **enables private access to Azure services** by ensuring that **traffic between your Azure virtual network (VNet) and the service travels entirely within Microsoft's Azure backbone network**. It effectively brings the service into your VNet. This setup enhances security by not exposing the data to the public internet.
@@ -142,6 +212,8 @@ Consider a scenario where you have an **Azure SQL Database that you want to acce
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List Private Link Services
@@ -151,6 +223,19 @@ az network private-link-service list --query "[].{name:name, location:location,
az network private-endpoint list --query "[].{name:name, location:location, resourceGroup:resourceGroup, privateLinkServiceConnections:privateLinkServiceConnections}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List Private Link Services
Get-AzPrivateLinkService | Select-Object Name, Location, ResourceGroupName
# List Private Endpoints
Get-AzPrivateEndpoint | Select-Object Name, Location, ResourceGroupName, PrivateEndpointConnections
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Service Endpoints
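Review bot: `Select-Object ... PrivateEndpointConnections` on the `Get-AzPrivateEndpoint` line names the wrong property: `PrivateEndpointConnections` belongs to the private link service object, while a private endpoint exposes `PrivateLinkServiceConnections` (and `ManualPrivateLinkServiceConnections`), which is also what the CLI query on the left selects, so as written the column comes back empty. Project the target instead, e.g. `@{N='Target';E={$_.PrivateLinkServiceConnections.PrivateLinkServiceId}}`, so the linked resource ID is visible rather than a type name.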
@@ -162,6 +247,8 @@ For instance, an **Azure Storage** account by default is accessible over the pub
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List Virtual Networks with Service Endpoints
@@ -171,6 +258,19 @@ az network vnet list --query "[].{name:name, location:location, serviceEndpoints
az network vnet subnet list --resource-group <ResourceGroupName> --vnet-name <VNetName> --query "[].{name:name, serviceEndpoints:serviceEndpoints}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List Virtual Networks with Service Endpoints
Get-AzVirtualNetwork
# List Subnets with Service Endpoints
(Get-AzVirtualNetwork -ResourceGroupName <ResourceGroupName> -Name <VNetName>).Subnets
```
{% endcode %}
{% endtab %}
{% endtabs %}
### Differences Between Service Endpoints and Private Links
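Review bot: the PowerShell tab never shows service endpoints despite both comments saying it does: `Get-AzVirtualNetwork` and `.Subnets` print whole objects, and the `ServiceEndpoints` collection renders as a type name in table output. Project it the way the CLI query on the left does, e.g. `(Get-AzVirtualNetwork -ResourceGroupName <ResourceGroupName> -Name <VNetName>).Subnets | Select-Object Name, @{N='ServiceEndpoints';E={$_.ServiceEndpoints.Service -join ','}}`, and for the subscription-wide line filter with `Where-Object { $_.Subnets.ServiceEndpoints }` so only VNets that actually have endpoints are listed.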
@@ -208,6 +308,8 @@ Imagine you have a globally distributed application with users all around the wo
### Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List Azure Front Door Instances
@@ -217,6 +319,19 @@ az network front-door list --query "[].{name:name, resourceGroup:resourceGroup,
az network front-door waf-policy list --query "[].{name:name, resourceGroup:resourceGroup, location:location}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List Azure Front Door Instances
Get-AzFrontDoor
# List Front Door WAF Policies
Get-AzFrontDoorWafPolicy -Name <policyName> -ResourceGroupName <resourceGroupName>
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Application Gateway and Azure Application Gateway WAF
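Review bot: the comment says "List Front Door WAF Policies" but `Get-AzFrontDoorWafPolicy -Name <policyName> -ResourceGroupName <resourceGroupName>` fetches one named policy, while the CLI line above lists them all; drop `-Name` (`Get-AzFrontDoorWafPolicy -ResourceGroupName <resourceGroupName>`) to enumerate every policy in the group. Also, `Get-AzFrontDoor` (Az.FrontDoor) returns classic Front Door profiles only; Standard/Premium profiles live in Az.Cdn (`Get-AzFrontDoorCdnProfile`), so an enumeration that stops here misses them. The `<policyName>`/`<resourceGroupName>` placeholders also break the `<PascalCase>` convention used everywhere else in the file.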
@@ -229,12 +344,24 @@ And **protect your website from attacks using the WAF capabilities.**
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List the Web Application Firewall configurations for your Application Gateways
az network application-gateway waf-config list --gateway-name <AppGatewayName> --resource-group <ResourceGroupName> --query "[].{name:name, firewallMode:firewallMode, ruleSetType:ruleSetType, ruleSetVersion:ruleSetVersion}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List the Web Application Firewall configurations for your Application Gateways
(Get-AzApplicationGateway -Name <AppGatewayName> -ResourceGroupName <ResourceGroupName>).WebApplicationFirewallConfiguration
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Hub, Spoke & VNet Peering
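Review bot: `.WebApplicationFirewallConfiguration` is only populated for gateways using the legacy per-gateway WAF configuration; a WAF_v2 gateway associated with a WAF policy returns nothing here and its rules live in the policy referenced by `.FirewallPolicy`, so add `Get-AzApplicationGatewayFirewallPolicy -Name <PolicyName> -ResourceGroupName <ResourceGroupName>` (and `az network application-gateway waf-policy list` on the CLI side), otherwise a reader will conclude a protected gateway has no WAF. On the CLI line I believe `waf-config` offers `show` (per gateway) and `list-rule-sets` rather than `list`; please verify the subcommand before keeping it.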
@@ -253,6 +380,8 @@ Imagine a company with separate departments like Sales, HR, and Development, **e
### Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List all VNets in your subscription
@@ -265,6 +394,22 @@ az network vnet peering list --resource-group <ResourceGroupName> --vnet-name <V
az network firewall list --query "[].{name:name, location:location, resourceGroup:resourceGroup}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List all VNets in your subscription
Get-AzVirtualNetwork
# List VNet peering connections for a given VNet
(Get-AzVirtualNetwork -ResourceGroupName <ResourceGroupName> -Name <VNetName>).VirtualNetworkPeerings
# List Shared Resources (e.g., Azure Firewall) in the Hub
Get-AzFirewall
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Site-to-Site VPN
@@ -276,6 +421,8 @@ A business with its main office located in New York has an on-premises data cent
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List VPN Gateways
@@ -285,6 +432,19 @@ az network vnet-gateway list --query "[].{name:name, location:location, resource
az network vpn-connection list --gateway-name <VpnGatewayName> --resource-group <ResourceGroupName> --query "[].{name:name, connectionType:connectionType, connectionStatus:connectionStatus}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List VPN Gateways
Get-AzVirtualNetworkGateway -ResourceGroupName <ResourceGroupName>
# List VPN Connections
Get-AzVirtualNetworkGatewayConnection -ResourceGroupName <ResourceGroupName>
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure ExpressRoute
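Review bot: the two tabs are scoped differently: `Get-AzVirtualNetworkGateway` requires `-ResourceGroupName`, so the PowerShell side enumerates one resource group while `az network vnet-gateway list` covers the subscription. To match, locate gateways first with `Get-AzResource -ResourceType Microsoft.Network/virtualNetworkGateways` or loop over `Get-AzResourceGroup`. Also `Get-AzVirtualNetworkGatewayConnection` does not surface the `connectionType`/`connectionStatus` fields the CLI query selects; append `| Select-Object Name, ConnectionType, ConnectionStatus`.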
@@ -296,12 +456,24 @@ A multinational corporation requires a **consistent and reliable connection to i
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List ExpressRoute Circuits
az network express-route list --query "[].{name:name, location:location, resourceGroup:resourceGroup, serviceProviderName:serviceProviderName, peeringLocation:peeringLocation}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List ExpressRoute Circuits
Get-AzExpressRouteCircuit
```
{% endcode %}
{% endtab %}
{% endtabs %}
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
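Review bot: in the `az network express-route list` query, `serviceProviderName` and `peeringLocation` are not top-level circuit fields; they are nested under `serviceProviderProperties`, so those two columns will come back empty. Use `serviceProviderName:serviceProviderProperties.serviceProviderName, peeringLocation:serviceProviderProperties.peeringLocation` in the JMESPath projection.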