f

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/README.md

@@ -39,4 +39,3 @@ This section covers the pivoting techniques to move from a compromised Entra ID
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-arc-vulnerable-gpo-deploy-script.md

@@ -69,4 +69,3 @@ At this point, we can gather the remaining information needed to connect to Azur
 - [https://xybytes.com/azure/Abusing-Azure-Arc/](https://xybytes.com/azure/Abusing-Azure-Arc/)
 
 {{#include ../../../banners/hacktricks-training.md}}
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-cloud-kerberos-trust.md

@@ -84,4 +84,3 @@ This dumps all AD user password hashes, giving the attacker the KRBTGT hash (let
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-cloud-sync.md

@@ -162,4 +162,4 @@ az rest \
 
 
 
-{{#include ../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-connect-sync.md

@@ -215,4 +215,3 @@ az-seamless-sso.md
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-domain-services.md

@@ -87,4 +87,4 @@ while IFS=$'\t' read -r vm_name resource_group; do
 done <<< "$vm_list"
 ```
 
-{{#include ../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-federation.md

@@ -160,4 +160,3 @@ Open-AADIntOffice365Portal -ImmutableID "aodilmsic30fugCUgHxsnK==" -Issuer http:
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-hybrid-identity-misc-attacks.md

@@ -28,4 +28,3 @@ In order to synchronize a new user from Entra ID to the on-prem AD these are the
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-local-cloud-credentials.md

@@ -60,4 +60,3 @@ curl -o <filename_output> -L -H "Authorization: Bearer <token>" '<@microsoft.gra
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-pass-the-certificate.md

@@ -38,4 +38,3 @@ Main.py [-h] --usercert USERCERT --certpass CERTPASS --remoteip REMOTEIP
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-pass-the-cookie.md

@@ -35,4 +35,3 @@ Just navigate to login.microsoftonline.com and add the cookie **`ESTSAUTHPERSIST
 - [https://stealthbits.com/blog/bypassing-mfa-with-pass-the-cookie/](https://stealthbits.com/blog/bypassing-mfa-with-pass-the-cookie/)
 
 {{#include ../../../banners/hacktricks-training.md}}
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-primary-refresh-token-prt.md

@@ -364,4 +364,3 @@ curl -s -X POST \
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-pta-pass-through-authentication.md

@@ -104,4 +104,3 @@ az-seamless-sso.md
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-

src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-seamless-sso.md

@@ -205,4 +205,3 @@ If the Active Directory administrators have access to Azure AD Connect, they can
 - [TR19: I'm in your cloud, reading everyone's emails - hacking Azure AD via Active Directory](https://www.youtube.com/watch?v=JEIR5oGCwdg)
 
 {{#include ../../../banners/hacktricks-training.md}}
-