├── .github ├── actions │ └── merge-cypher-queries │ │ ├── Dockerfile │ │ ├── action.yaml │ │ ├── entrypoint.sh │ │ └── scripts │ │ └── merge-cypher-queries.sh └── workflows │ └── merge-and-sync-to-azure-hunting.yml ├── LICENSE ├── README.md ├── assets └── images │ ├── 01_example_imported_collapsed.png │ ├── 02_example_users_groups.png │ ├── 03_example_service_principals.png │ └── 04_example_logic_apps.png ├── categories ├── 00-misc-interactive.md ├── 01-hybrid-users-groups.json ├── 02-entra-users-groups.json ├── 03-entra-serviceprincipals.json ├── 04-azure-users-groups.json ├── 05-azure-managedidentities.json ├── 06-azure-aks.json ├── 07-azure-appservice.json ├── 08-azure-automationaccount.json ├── 09-azure-containerregistry.json ├── 10-azure-functionapp.json ├── 11-azure-keyvault.json ├── 12-azure-logicapp.json ├── 13-azure-virtualmachine.json └── 14-azure-vmss.json ├── customqueries.json ├── upload-queries-to-bhce.py └── variables ├── helpers.json ├── tiering-azure-roles.json ├── tiering-entra-application-permissions.json └── tiering-entra-roles.json /.github/actions/merge-cypher-queries/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/.github/actions/merge-cypher-queries/Dockerfile -------------------------------------------------------------------------------- /.github/actions/merge-cypher-queries/action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/.github/actions/merge-cypher-queries/action.yaml -------------------------------------------------------------------------------- /.github/actions/merge-cypher-queries/entrypoint.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/.github/actions/merge-cypher-queries/entrypoint.sh -------------------------------------------------------------------------------- /.github/actions/merge-cypher-queries/scripts/merge-cypher-queries.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/.github/actions/merge-cypher-queries/scripts/merge-cypher-queries.sh -------------------------------------------------------------------------------- /.github/workflows/merge-and-sync-to-azure-hunting.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/.github/workflows/merge-and-sync-to-azure-hunting.yml -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/README.md -------------------------------------------------------------------------------- /assets/images/01_example_imported_collapsed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/assets/images/01_example_imported_collapsed.png -------------------------------------------------------------------------------- /assets/images/02_example_users_groups.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/assets/images/02_example_users_groups.png -------------------------------------------------------------------------------- /assets/images/03_example_service_principals.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/assets/images/03_example_service_principals.png -------------------------------------------------------------------------------- /assets/images/04_example_logic_apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/assets/images/04_example_logic_apps.png -------------------------------------------------------------------------------- /categories/00-misc-interactive.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/00-misc-interactive.md -------------------------------------------------------------------------------- /categories/01-hybrid-users-groups.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/01-hybrid-users-groups.json -------------------------------------------------------------------------------- /categories/02-entra-users-groups.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/02-entra-users-groups.json -------------------------------------------------------------------------------- /categories/03-entra-serviceprincipals.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/03-entra-serviceprincipals.json -------------------------------------------------------------------------------- /categories/04-azure-users-groups.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/04-azure-users-groups.json -------------------------------------------------------------------------------- /categories/05-azure-managedidentities.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/05-azure-managedidentities.json -------------------------------------------------------------------------------- /categories/06-azure-aks.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/06-azure-aks.json -------------------------------------------------------------------------------- /categories/07-azure-appservice.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/07-azure-appservice.json -------------------------------------------------------------------------------- /categories/08-azure-automationaccount.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/08-azure-automationaccount.json -------------------------------------------------------------------------------- /categories/09-azure-containerregistry.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/09-azure-containerregistry.json -------------------------------------------------------------------------------- /categories/10-azure-functionapp.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/10-azure-functionapp.json -------------------------------------------------------------------------------- /categories/11-azure-keyvault.json: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /categories/12-azure-logicapp.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/12-azure-logicapp.json -------------------------------------------------------------------------------- /categories/13-azure-virtualmachine.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/13-azure-virtualmachine.json -------------------------------------------------------------------------------- /categories/14-azure-vmss.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/categories/14-azure-vmss.json -------------------------------------------------------------------------------- /customqueries.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/customqueries.json -------------------------------------------------------------------------------- /upload-queries-to-bhce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/upload-queries-to-bhce.py -------------------------------------------------------------------------------- /variables/helpers.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/variables/helpers.json -------------------------------------------------------------------------------- /variables/tiering-azure-roles.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/variables/tiering-azure-roles.json -------------------------------------------------------------------------------- /variables/tiering-entra-application-permissions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/variables/tiering-entra-application-permissions.json -------------------------------------------------------------------------------- /variables/tiering-entra-roles.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/emiliensocchi/azurehound-queries/HEAD/variables/tiering-entra-roles.json --------------------------------------------------------------------------------