From 87c89d2f25fc9282d1c3dfa59b03781ff9018b33 Mon Sep 17 00:00:00 2001
From: Jaime Polop <117489620+JaimePolop@users.noreply.github.com>
Date: Fri, 13 Dec 2024 01:31:02 +0100
Subject: [PATCH] Update README.md

---
 .../azure-security/az-services/vms/README.md  | 151 +++++++++++++++++-
 1 file changed, 150 insertions(+), 1 deletion(-)

diff --git a/pentesting-cloud/azure-security/az-services/vms/README.md b/pentesting-cloud/azure-security/az-services/vms/README.md
index 9ff2e58ba..e664d118d 100644
--- a/pentesting-cloud/azure-security/az-services/vms/README.md
+++ b/pentesting-cloud/azure-security/az-services/vms/README.md
@@ -66,6 +66,9 @@ Azure Virtual Machines (VMs) are flexible, on-demand **cloud-based servers that
 * It's possible to **generate a SAS URI** (of max 60days) to **export the disk**, which can be configured to require authentication or not
   * Same in snapshots
 
+{% tabs %}
+{% tab title="az cli" %}
+{% code overflow="wrap" %}
 ```bash
 # List all disks
 az disk list --output table
@@ -73,6 +76,21 @@ az disk list --output table
 # Get info about a disk
 az disk show --name <disk-name> --resource-group <rsc-group>
 ```
+{% endcode %}
+{% endtab %}
+{% tab title="PowerShell" %}
+{% code overflow="wrap" %}
+```powershell
+# List all disks
+Get-AzDisk
+
+# Get info about a disk
+Get-AzDisk -Name <DiskName> -ResourceGroupName <ResourceGroupName>
+```
+{% endcode %}
+{% endtab %}
+{% endtabs %}
+
 
 ## Images, Gallery Images & Restore points
 
@@ -81,6 +99,9 @@ Images can be managed in the **Images section** of Azure or inside **Azure compu
 
 A **restore point** stores the VM configuration and **point-in-time** application-consistent **snapshots of all the managed disks** attached to the VM. It's related to the VM and its purpose is to be able to restore that VM to how it was in that specific point in it.
 
+{% tabs %}
+{% tab title="az cli" %}
+{% code overflow="wrap" %}
 ```bash
 # Shared Image Galleries | Compute Galleries
 ## List all galleries and get info about one
@@ -112,6 +133,36 @@ az image list --output table
 az restore-point collection list-all --output table
 az restore-point collection show --collection-name <collection-name> --resource-group <rsc-group>
 ```
+{% endcode %}
+{% endtab %}
+{% tab title="PowerShell" %}
+{% code overflow="wrap" %}
+```powershell
+## List all galleries and get info about one
+Get-AzGallery
+Get-AzGallery -Name <GalleryName> -ResourceGroupName <ResourceGroupName>
+
+## List all image definitions in a gallery and get info about one
+Get-AzGalleryImageDefinition -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
+Get-AzGalleryImageDefinition -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName> -Name <ImageDefinitionName>
+
+## List all the versions of an image definition in a gallery 
+Get-AzGalleryImageVersion -GalleryImageDefinitionName <ImageName> -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
+
+## List all VM applications inside a gallery
+Get-AzGalleryApplication -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
+
+# Images 
+# List all managed images in your subscription
+Get-AzImage -Name <ResourceName> -ResourceGroupName <ResourceGroupName>
+
+# Restore points
+## List all restore points and get info about 1
+Get-AzRestorePointCollection -Name <CollectionName> -ResourceGroupName <ResourceGroupName>
+```
+{% endcode %}
+{% endtab %}
+{% endtabs %}
 
 ## Azure Site Recovery
 
@@ -125,6 +176,8 @@ The Bastion deploys a subnet called **`AzureBastionSubnet`** with a `/26` netmas
 
 To list all Azure Bastion Hosts in your subscription and connect to VMs through them, you can use the following commands:
 
+{% tabs %}
+{% tab title="az cli" %}
 {% code overflow="wrap" %}
 ```bash
 # List bastions
@@ -149,6 +202,16 @@ az network bastion rdp \
   --password <VM_PASSWORD>
 ```
 {% endcode %}
+{% endtab %}
+{% tab title="PowerShell" %}
+{% code overflow="wrap" %}
+```powershell
+# List bastions
+Get-AzBastion
+```
+{% endcode %}
+{% endtab %}
+{% endtabs %}
 
 ## Metadata
 
@@ -302,7 +365,6 @@ az vm run-command list --output table
 ```
 {% endcode %}
 {% endtab %}
-
 {% tab title="Az PS" %}
 ```powershell
 # Get readable VMs
@@ -321,7 +383,79 @@ Get-AzVMExtension -ResourceGroupName <res_group_name> -VMName <name>
 
 Get-AzVM | select -ExpandProperty NetworkProfile # Get name of network connector of VM
 Get-AzNetworkInterface -Name <name> # Get info of network connector (like IP)
+
+# Disks
+## List all disks and get info about one
+Get-AzDisk
+Get-AzDisk -Name <DiskName> -ResourceGroupName <ResourceGroupName>
+
+# Snapshots
+## List all galleries abd get info about one
+Get-AzGallery
+Get-AzGallery -Name <GalleryName> -ResourceGroupName <ResourceGroupName>
+
+## List all snapshots and get info about one
+Get-AzSnapshot
+Get-AzSnapshot -Name <SnapshotName> -ResourceGroupName <ResourceGroupName>
+
+## List all image definitions in a gallery and get info about one
+Get-AzGalleryImageDefinition -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
+Get-AzGalleryImageDefinition -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName> -Name <ImageDefinitionName>
+
+## List all the versions of an image definition in a gallery 
+Get-AzGalleryImageVersion -GalleryImageDefinitionName <ImageName> -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
+
+## List all VM applications inside a gallery
+Get-AzGalleryApplication -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
+
+# Images 
+# List all managed images in your subscription
+Get-AzImage -Name <ResourceName> -ResourceGroupName <ResourceGroupName>
+
+# Restore points
+## List all restore points and get info about 1
+Get-AzRestorePointCollection -Name <CollectionName> -ResourceGroupName <ResourceGroupName>
+
+# Bastion
+## List bastions
+Get-AzBastion
+
+# Network
+## List all VNets in your subscription
+Get-AzVirtualNetwork 
+
+## List VNet peering connections for a given VNet
+(Get-AzVirtualNetwork -ResourceGroupName <ResourceGroupName> -Name <VNetName>).VirtualNetworkPeerings
+
+## List Shared Resources (e.g., Azure Firewall) in the Hub
+Get-AzFirewall
+
+## List VPN Gateways
+Get-AzVirtualNetworkGateway -ResourceGroupName <ResourceGroupName>
+
+## List VPN Connections
+Get-AzVirtualNetworkGatewayConnection -ResourceGroupName <ResourceGroupName>
+
+## List ExpressRoute Circuits
+Get-AzExpressRouteCircuit
+
+# Misc
+## List all virtual machine scale sets
+Get-AzVmss
+
+## List all availability sets
+Get-AzAvailabilitySet
+
+## List all load balancers
+Get-AzLoadBalancer
+
+## List all storage accounts
+Get-AzStorageAccount
+
+## List all custom script extensions on a specific VM
+Get-AzVMExtension -VMName <VmName> -ResourceGroupName <ResourceGroupName>
 ```
+{% endcode %}
 {% endtab %}
 {% endtabs %}
 
@@ -337,6 +471,9 @@ The required permission is **`Microsoft.Compute/virtualMachines/extensions/write
 
 It's possible to list all the available extensions with:
 
+{% tabs %}
+{% tab title="Az Cli" %}
+{% code overflow="wrap" %}
 ```bash
 # It takes some mins to run
 az vm extension image list --output table
@@ -344,6 +481,18 @@ az vm extension image list --output table
 # Get extensions by publisher
 az vm extension image list --publisher "Site24x7" --output table
 ```
+{% endcode %}
+{% endtab %}
+{% tab title="PowerShell" %}
+{% code overflow="wrap" %}
+```powershell
+# It takes some mins to run
+Get-AzVMExtensionImage -Location <Location> -PublisherName <PublisherName> -Type <Type>
+```
+{% endcode %}
+{% endtab %}
+{% endtabs %}
+
 
 It's possible to **run custom extensions that runs custom code**: