From 1808aea2212496760fffb5eee60c7afa33078d3c Mon Sep 17 00:00:00 2001
From: Carlos Polop <carlospolop@gmail.com>
Date: Sun, 5 Jan 2025 23:48:40 +0100
Subject: [PATCH] static

---
 src/images/azure_static_password.png          | Bin 0 -> 14369 bytes
 .../aws-sagemaker-privesc.md                  |   2 +-
 .../az-static-web-apps-post-exploitation.md   | 113 ++++++++++++++++++
 ...-conditional-access-policies-mfa-bypass.md |   2 +-
 .../az-services/az-static-web-apps.md         |  62 +++++++++-
 .../azure-security/az-services/image.png      | Bin 0 -> 14254 bytes
 6 files changed, 176 insertions(+), 3 deletions(-)
 create mode 100644 src/images/azure_static_password.png
 create mode 100644 src/pentesting-cloud/azure-security/az-services/image.png

diff --git a/src/images/azure_static_password.png b/src/images/azure_static_password.png
new file mode 100644
index 0000000000000000000000000000000000000000..9b11425160fdf4e9366904aff148498194333728
GIT binary patch
literal 14369
zcmeHuWmp}-(kAX62n2Ts?s9MsArJ`e?!i4c1a~L66Ch|HxNC5S;LZWUL4(UTgnPex
zpZ#|K?X!RO!hz|Tsh+B??&*5#?LJ|O3Nq*@geXu@Q0TI6BtJkwK{o;AT_gnHzeQ{U
z0dPUfQbIyeRziYY(b3M#@}nsf6n&gaY^$8O18y*xyzGtNzye`LUI*nn%Yoj2JbNt0
z8^3^q8K&dS{#I$YC}wVWe<z7rc<#^4V!oo<idf8169f&3%cC=cOdxx{F%J)ZVm<p$
zT!kDg<mrqACqLO&yEfu0uaOaLn;a&J_lm-MjFhU6xrxfW7;Q_^p>Ne3=&I9?L<DLt
zNV^fIR(9JTf~{nW-s$e7pXXFW!tmX7RgVPJcxX2a#TI|Qv{9J58rYGHVlB=3b=7cO
zXCKm5L=!~z`96&7(+#3IC(+F==EbE=$<k8fu)-c`-a9OV&zb?B3F4!C?>b9;GX%q#
z(Pm}8OGA@kE8)KS(51XJ{;G$SIMx$d+;z15tjxM7;24>&e}AC{adfxCQ)}*%dd@uw
zi%gQ4#cBy?kj2S`PjPb=ry(Nw4+rMRy<+3{Z*%dcs?oW7q!oi?XRt<xqJ@TqfU}KE
zHDt}?<)IjWG7=OFG!7IjP=W@2p+YR7;Qp4OplE?36clWHFcczi!~y;kb71~?7rH42
z_Mc^_-6ugYWeHhX;HYfuXliQfWMSw04RN6y3JONZQbogAL;fAe*v^K<(8SKjl*Qe~
z{;3L-pgRaC+L$^UlDpe{v~>cx3sL@+00HHv%dC{-e?^?Fg(x-T70D&+98Jl2SlC$D
zD1}kT$;kyBP0T<aB&GjR9XJ!Bv~YH|2eGocxw)~pakAJsnzOR=^YgQ^aj<f5Far|I
zP9C<-hVIO^PE^ki`R8*aO`VJ#E$y8x?QF@Po@;1i=i)3xN%^Gczki<XG<CQ9mnK`M
ze>4kdAnVf|R(2LP*8g2KXG^pHL$#+n&(;36>sg)P)5AcDmhPq>H6<-=0Ive333G6=
z3;tE}Kkod?(C3<}PNt3$b~ZpoXW@T!%Regr`_2Eg;$M{-|5C}t#qsYd|LxAd)qH9K
z=)I#Qpv~~fhr)oF|Kr*}<ONxu9Q<z%f9}n{SAp&nMiFHF@1Y@#BKKna3JQvINLErz
z#U1)E6EPJ}YBqQbDv&-ek6ao~iJd8Rj(9fX`$p4FWZ8q6?p(`G230WkZWX~S_bxFM
z>{lcsaV0EdO4zB#Yn1oe%TwNVW0|jZUB}$A%x&G&)m7D7RdtKIO0v>KrRb?eVV*vU
ziZF*LX{=@uaBuvcKE%)rAT>A~a%dcKfAJSNd5q2{98S-&D$d_vpG!fsqEhPM4bz?H
zI$yyWh|eVydB5<A@!p}~I4I;;C}hQnY7F22d~nmC@N{z{Qoc|D4~E9c$ulN-QUQ%a
z&jroUB#zI@Df8DHQK^2=KMb>gQE?7p(KCyFwk$l_<*$Kna>n7lf>Cr^hKZjZ91Dd<
za`0D0tY|Kv5U<Jo3;$p9friZfRq>yO{HsTtzaqf3-<?Ky-Ru>gZl~xEHaKjWTyLkO
zTpTWj$d;9tC&9ne5N&cjBy2h<03mywPsnf>_o1aUWC?i=3Z4xsXCj-Hre$`dvKwy|
zXZtvwjPkB})f{)B^4@Y1P#~*_=g=yaP#ZV}d;G5MHz_Os!9cXV5y8rWNaj^V?6DO$
znJb|R2G>~HT9bY{2UD#2KDG{B1Y!!)FWR+xYfFrqoi*=fc@EmtFYlcC_F&5l(4^>0
znrX6a&Pb7~FKnERiKJ{s3n;93U+P|pEB#VcH)U|N3dSH|s9*JI9@<!P8e@LE+Z8FJ
zZJx>aQR?6Gxz-X!wFLZQ$x&`^sqs4_!8_|{0(NoX>#c;U97x-(?H7Khq9u>rOyXZb
zD(;i<aKg90IUCmkP`hMQ67tG+YJ)o5#bL_d<S^hZdtWZoeIFC{ghTyQetXp3-tuQw
zdz8e-b;ZN{68~fX^?B6c93yS@?brA|KAawRW6Gtl=yq)_ei8+*Wg6@`Ocuyy$z4p9
zC>J+j8((03_fjLQs2=;d@4L|xmTUNCmaR?XxU8(~ER%9Kw4El!o!zRk7A<bvaZl!s
zEz9DkV2*-;S{{z2)x(g`3uy_F$2%u}yRggRcV8w8nvw`!lgQ=-A#F)dP&}eC*D9L8
zU9N|aNmoUZiRdW^Uz_~;_<aQKfZl0@JEeoqD1^i{c8I0<+g1cJ%}ss#z5LDj-e!?}
z^+P?R>0t1rpNw@CaPk)agOqU>Ix(N(tcEfArCT>T@6|-Z8K&?Rc?+hm?3mEyl9PnU
zKmzMj@%t2Q+eWEbJx`mGk`jlPF;yB;Sqg$DlK!eX@qQ_V)&sE=0TZXeM7H27L&9Gv
z>iXWQKYp2|v-#Ku>o=%VvT0PCllfe&vxL)Sxp!?toBDC|tolL2Zna*n$azT`Phys>
z0N&TWxi~y1YBl`1SfMMR>9L)(U0PNV|1*J3Cd>a+>Lyy~Vm`FF@RiPHfHMRTuYee$
z_(b#X*n7--9<?f;88~#r?hbQ~p-qLf<lkYD4bC!Yt+&V5dY_H(LP*3iz7kzzeXRLO
zdz$@t*B>9}PRwnUNbER3!NTe^%3q9%Y5PXq+uPfS02D8(iZ#CSv1}+mMi^yi?D)NB
zXNe`~{(MTp7u1A$U*i9^YJf80^X1*uZ!h54n6&Rwv4T5)R<=J7e#JBYX%CEKU%xBw
z66z&cx=dVQ^C@}WKlx6(`1)QB?qrs2mn)t`SDLQBOeI7D5ztYN4h9(KO;dEcJd@2I
zL%qN}(QJ{Ke)-o^!2*IIiwHy?4ORkx_lCuBtZV*ckg*c&7_C{2=4G(FK;y-NwZtQ1
zdF==L1<T@~xtB4%UXS;eM3PC|_ob2ng~?i_CU*zlzANP9Cmp|<({<C8eFS-v-t_(i
zEYzPAIXwklU+J#-AlHvDbxbU;^vX55&$)SQO1B2vsCKh`+i2(<B{kYV-g9*F^ZjnS
zg%~c(>~r8`;Zu*N!Liv)?N1U&6}N62n~LYdi*;}Dy1Jj(M+I~41)Xz#o65!(0Z9>p
z2N*>IcSEGSKt?EmYB($v^f?(`{*)Kl9&7%HH}$Y2)zXj{V*bhHxfSP}MHb3Ste8q%
zW<6(wwuhU8H!TjXJNW%kyesq9su6Ptkq+%Dn{ygcyCS^IwgqG;Ln%yqbC$C`H-4wl
zB5nue^%z51=-C;Lk-INkFnvLRShP~+1cYqjuX?im&$}vFE%)R;41Z0hKkF-yFQzBj
zBJ<F)F0UipdaP)MoF=?{m(IgHp`Q^p78lME5Q|^_j$Az)QdZd(&P5Gg7H2y>(XZ(z
z^A#L_P3ndj1-iSwJlRP5-LM(GE|hUQD1&a$<%#sTmGEAxDkt8)N$o}07#U69(YlAl
z8?VkYW-{<~x{gCHUakP-=*OaMCorcS*iuzmG%yiIgQ0SAxxyGx=rxq{c$&g^LqV-C
z!CW~JF!_?_;Cu76mJd>hh2>M<SZpJyqlIt4Z<bD!RFcp84?2SI^$5URg`Nl?ED-lA
z4}=QuC%;l&-h1*P()mh5Z*u}O@i@`xX3Xr}X<)JYjdM82&oO}fV@BseWjh42UaYgQ
zMkl=ByYt0-?KhldjL7OB8L5KMpXoO%ovUUDiinE%8>a82cq5p7%K}AhaY>54sp-1R
z450oQm%!u?Ptp5iS#`5t)-1w><sg>7)*i~*dj0|2dz2(@*aNRz2o~GKocc(c6x?mm
zIq5jUJ*VMZqO8{)f{A&5g&tjD9t82JB+ExsR>(yZg2wk`iMDDbT)DvOy*a2PbHy2k
z-8kzuQX#>okGevt!I28tz0E`yl!@Yi(Pc!N@;krzz;X}%eYF=t8HEaxJ~6){$#Wcp
z^Z1j!o{}zvYTK60+IH2o9A3;C#+rIXC7~aeC`SYmdT?^lj;47nn0I&gY3uexfd4pO
zTG)_J;Fn$dJ>}T(l(~;Pwf`)oVp2E;I>x7{tM10t7eDY_V}vd&#>tZdz`VgtVA4;^
zu8TI^__#jf2G{61V0PCJmVDgqNZBEADPiqAK`uB$bhC!<a^Qx&kJma!HPPY3d6&+J
z=utzcW^tLBqOD@FS1x{KxUG2PHfM^yzA?0^HN8B%8lZ}iyi?5suefibN3b}0-5%Cc
zIow*(r#xJ7eSe)g0DHax#Pw)F*g4wmL}cmCz5)HY+GE%A;;EU`9{&ER5Ds~qVYZxy
zwWEjIBg|Hyx%;0B(PgHCsFk|Q#>r;ODZo%yhMQAqFUK%N?yyc|q|8m+zahY=HpXCN
z!!goS=>^Uh-3`&t^OYSKoC0$V(zhW4(8FeoNYjyd(U+3$$qz&pmwZ?LL9~){LmAuI
zgi(AEg1g{*6+#7~PPSwKHGl*kk9;2wMqO@(ym!#_{ro#(c=Gb1629gJI(5fHvn^lG
zR~t+4W-!$+ImTHxgXgRB!J(p6WY{pmvNh+Ea=iAWJRdc{MQ^2I`>4h4<dbU8`={Vh
zXQc3TYdbeL9@aX?7$>uFF&;Jy@9i7(-yUbGC75S>&uZ!{)cMwq<#!%tx~*UzvPn%M
zUiQA!Mhiihtkf6j)HjwYzM~SGJUuEtteewwGCby{)OVhS=m+m!{h-;Gy3@=>%!(Cd
z#2J{mfXU>+&Md;M<B6o_Pu1xj_WVhc;{0}f_3@!z@XxfetrNfAG#3pb1Z3s>mQxRb
z&7pseRZY_ruUOEla5~Z6;+@OFln@4bM8#&PRzSEyC8+-J$KvQAo(dI~8#;XGUFYvr
zxVIQ)>sW`f>E8t|Aj<-dhx%9O9+R{1SARr`Yz$9K319U1m!rzY&x+Dr%R5R)SnBtL
zt%fu^bPGMo@wcrOoZm*iEhLNL#?1{Q8(o@=cF3Y%ED#ZCarl#+KXq2(bzc?5f4M2s
zP~hA-g1^`lIGWE|xUWw0c0MM3mwNmIT&bgE@svs&YrX+jz@wgDtAMQIykSUKMYfc!
z;nrtqbp5gZ?5J4EET85MeD$1T=hBfwiop0Yc>S%AjR|<K6B!fWmHs+0S*Gk_o1G*y
zhD$7+s5q-QdG(|CPu03z1oIEJquee|#7OZf875ihCRS(LVc&obUkbJfOA!GZ`$*no
zbiqW24htwxXr&bg|7J4Zg|8f>7<03)I~pqz)??}CC3fAy3D2_et5!!+zK?>2+R?^x
zMUyqnUe&ve4ZgO%>3T!xf#Yj8IT`#5dN|(sU{>BN-G=8f@yeH+UbTJNuQ2X)z8lV!
zF_KDQUibN%yB7wQd~6Gi0K)8ARMb$UJR23T0|&DzCw_1~4(&rocRUH<tKL(e>)+}l
zvP0YKbS|j`GoT}ynuTLbeS4rcY5g<nG`47wAJw&M1bR88Lpz^i6M*5zsyI07cLTW^
z42~jPj~=<y?9Gn<T+>-}09kJ4MT*|*DMFFvm!*QeBcjuPI4>5tPN5mQZxN59z<dCY
z!}KSS3-iRP-kBSKI4r3=v~*Be8VuY~_qxGsd%p<2{6a##tKJicxH{>6M5fDF!?j7S
zI%zrw036*cs~0q_O=9LY|G5MVvn;u~a*8ZDTjB0y*9@9K-WC?ZAhj%80N+lk@e-My
z&#lUfPj#u{UAV6wm}7sY+qLZ}Fru5Ed{qj|97JVpA#Wn-(!EuVw-_jA?>jFnUpKU}
z>BUn=>n_Vx0Aof2X@Jv)I>Rv@y8d+hXgiY!sXp&nQagN43j2n>Rkddne^IZ$LI|rI
zQ}t(G%~N81_LJTRRR5#kGi|$8?v2ltJ_X392dHh*#sS=*cQSOy^SKr4V@2I_I!+^@
z>f8!pI*ahLMTZegRxKu@=+P&&<v$jzuthBOtHnYFC(T;eYm{Nr*zW$!>1SVg2p%*9
zk$Q;3%t+=CG8qwmHx$fTY1ljG-_3Y&5^yi<P$vJqNkt+lw2<HjP7nNSrj{NAQ!OX<
zZTGc<vB2kE>;9|RP*@DU9RF-xx8<3bzD(;)+>;P*`3GTsl5HtS8BCPMx6)IzqkN`#
z>QO9DJb8l~h<22g4?}g6q=uIvyfzB?KnOz)n|A}|fwF#0fk+#-R8kyS(08>u=S_m$
z-$#Z$-iPOsUH$b)1_E#IP({AFJ#c!JDXbE{@KHeyJ_!_Ca-3Y9(qyp-9az1A)&uk|
z%}r>SoVD8}MPSlj?e+2C`=TQ42l$fh);7VZzOBRhI(P_wf{;hd<m-#A$HDcvIKwe~
zk@|o);DRG9Pom|)Ji?xA@zpt*bd!+N!%LW@Gm)RFmV84)ugo(hava9@WSbA8*(mC{
z7L{Z^Vv96DvHBiB--&-YY(8oW)2}_g9H(d*qnDrPl|MQ`qZc_o?bZf4d{ddwys6&B
zx<20QX;g@#{FQq(_Fhhe@WNf^D=+xn)onkPNFoe~v#sZ{gM#UYKNw^MW`0<QDL~bJ
zbG%o7rEXWnJCag+p6gV25QmM>aDgYET)UTO9Ox*Xc5I5@&KYt?wcPX)pZ0z6C!zvq
zpUEE&<QNQ1SY+=@{X{8nbw9-5u%_RymtpxBgBd};HNzR-qVAGahs~*XBn5xxnA@9X
z^LEFWEVd4GT_oA0lDSf590?_B9xum57e3i4ULD<}diDA8SHWwPt0~K}H)+fY0!CCn
zD&G;7ffX@MSe-SNTx(<C$c1P%r((P<+Vmr)M8w0u)3s70q)I%p`SwKH=`xYh_gC?w
zxf;2G8v!wtiE?C#_FiNLv$ee<8L^2x4JGT!f|d~NO3R0JQdR+mCIqCt@o>0O@rhnM
z)rH{M4;eXp8&k^e(0{T`o6y&MV1K{AC0C$l`xqN_nQ;g|dx#PiQ^7?{+3m)8FKtuV
zdhymv`mPK&EX&8KN5&sh=zP2<SS`u|MmJCv4N{z+m?yCYfKgE1@VArhIZL*|<5xUt
z6NWb!+2Y-`UwW-&ddjS=<rPGPo0E&)DIuJ^7JBqgMd(i~C`9gW$P4s+S9hZvv_qD`
zE>vzk=u;c#^f5AKjGA09k!tYeYR|j)Z<gJjIApq7H+SzVX@p=i3$Ab(yNs+}WGkH&
zFO-1ektWOQkfzr<wKP$wO1<Ec4Xg5cvdC8R*yU(XL}sflG1d(n%*<xDyMVM;rzL4=
zj<vZVsu@I?sE`S2M4xQKv!ZdhF*HaDw?U|a=~?-%*ZN87g8Rm2D6<>fiRNQ)ZZKQu
z9?U>uzK;CD?W2RmN6q9<JcFp|E!Blki%3;rARA15LDJOqMQJMyuA)QcsXxXObpqz=
zNM*wfK_3P69v3D<ZqN?i+K*CdP9Ye-+9E^Hs5+jGmfYcx%sM8%ODFrSJ7PtVNpt@+
zVT$G0hgZ;$vyUcI#TJ3JAYqYT;NIkvV-MV41pH7l7-s#;KZ$N4DNb-l<9jFkWudkr
zMOA%X(U_xsS)#@2SiqazA%CdnOUI%Kj0f(EeukO@Q}VfsJ#%kdFd0ouT45X_&$Jpg
zz<6O3xBP<`BLs-Cyd?TFiNCT~6rxi2ot@7lgMS`2z|8%p;(wg;e|hBiFVQyvB#ao4
zTtwxanEN<NuK_>+`%Y;Rd3t8%XO&_12cf&uA=cBKbi21$a3wzOfpBRFqGgOt04NdN
zNwa1FxSu!xhpPZI4WswXd0c)p=&hdjAJs4H#=*pHOAeE*o^JdALQdyAij08ccyR@3
zJ~HX>gMQ)=hk$%Di(g0k%pIVfegd=!9l+VRS<TutZokyDshfGr&^_JJA_jwpW#J;_
z1`v#c*fPZH@jd`r9}LB&(y==Nn8et+SuHtI-#Z8X$GbDrKQro;<eoFHOu9ZJI|8Ya
zy7@+GsU(chr}NmU_ae*72jjUCd1QQf*x6i`ANKDlSKKd`-6Xc#0pvFXv{8>E9n2<p
zJ}y!7yJiT;rqij%b>OsgCn%^0%EcDy?T(_s*haXB>_Out%5-kasbueR3*=*lGx)!=
zD{-f<KJk2Uod8#u%|BWzXcC?CMNkX$TZ3WY=H_O45unW8x2CAESVBs$RqeY^O=Uz-
zwu*oJnB~_L`g62-SKUvV;C=B+M)4?(p^zXcLg4lNc2~iPyi@&^Fu?p3&-X<UnJaMI
z{{9}aD@zAhT=}tn*%jxAEzwg=u;T53Mv482`Ee7$Q@EkY%@Fjcae^#0I!)Sq;V=zH
z11P;@ZCifcZI6>){E&wy4i)fEHqq;g-@lYAn)XYNR{)A`8$#kbZ&=euXg$!ln?<y8
z3uHKS=^tyt(%&uvbmA63v7sLIzMs4UD2M!-ZVZ72grhtlEw$`c`5j9kp@aKoPWinM
z4PaNg=fj-7Z)O_)H#t3k<9N#BhJfw@7r6kW)AE}S9net-d>`v()NCcuFjIGQeXh5c
z!31+ht(RFtL|xtYEoY-nQ(YntSNU?R(oAE*x8HI)#bb!()-HfiGYIgIR7AE7xjFzN
zSOesA15Zpaz%C2rp>G2usOt&2uYtgr;8_D7Tasyjo*?81@UHErn<RC;YVFfWIo6+9
zo{-le#EzkItH8iGgwQ166FL^aDz6ws)oL`ZUjaEas2<1)7um%m6@?98c(=&bMQ*@U
zmuSP3cbjC7v3P14VgPf>lG4sO%GbRtA%p6HxVh}My4*-}Z!m&<M?qxQQk~(k^94d|
zDdE#eV(JXAFeuXJmLI|=u1+?W6UjGj&$1tx=rZgBQXM;RMWi$6n_Xr#`>Si~dOjSz
z#nCTd9$9{W*%S6cS1(Rxc+fA774TeU*>`%nX*Z-(47Y+uz(`ly0oY^)454$y{!hi3
zu8xqC?4nur<3)fxTzZF{{KnpAlz%sLrY??3rb#ddlK<^ES{X%LlqgCqWr($%xNNfX
z#e2c^$vjqz@pfO|-6E8(#`5-uo6e$iTf!ojA?A8C2tde+dbV`}yye!NRsKGN>USq1
z+3(SHM27>IhGyZ@0V-G<tfgy#qm~!M0HF)H1KfuC#0ZHJ1+4)*0me?Y?}KQu8jKD3
zviD<gqP}iBa+CAkMpnr|49ok56`$L~Zu;0PKvK9xVQ7dh+Y9F-kXf;?WHzDK8lnQE
zN<CXfCK{RW(zO!2u|j9Ud*N5a_8riW1xQ(d%Ur2JhHsUhMc`(IOWM3{S&h@&0utN;
zA6zNi5_f6_@Iv|X6!<e3?#}sSdF;H}Mf7OiD@up4877u6emtySZMrReql0BLtt0r7
z^jo$kgx}3$uP_AxQ}EbN;5{Sj;c&xME$8~3WpR(LzWaI*gixeO0ap;1YapM1Sqoh;
zL@{fj3c(<{HtH28ts)H(Q`^-BL<`R$2ZdRbP-U+{P($xM|2FQfi~#34=iQ64ev$k0
z1g9(>8?CD84|4EGh|ub6I+le=I0ve)rQh)G*D;{sr?`6QXvIn+xl<luMf4Bymiu(t
z5w3E%eLj&YX4VCLgRHISc^+;rVIl6Pv4}NTlgPq@V9-|8?L)r8pdJLc+6SWZ%y%^Q
z`=)92D`L23*D7P7kqXWiB3pU`?>wyPLIp++spT%~_@26(@AOxt6O&_52pn78+`bVy
z93eaxpT+qTrwE18+oSGm<-NzSj?TNZMyN{9!lkt^<+741nX^Xj4(;%M?ry2>Vnb)s
z7;j!rkqcqbwz)h46P=ro>T_Uxs2qR0V(LN}X5d~^kY^D;xgI_9o5mJV_Krs&y)@{2
z5hDO;$UnOTc<1I@#q*a4Ivq3kT(qJ1nJCV*_O?vUxVsg(U~-VS<J{xTT>Bk8VFqi>
z0HuQLd=wC)eg#dDI^`UwLC<URlRtu?M04EjF%-ZSU)N>)6p*OPTkJ72CPLG49&(n*
zLlJi^bmS+rGdsMwY6iZ$ICr4VSy;$pWzW2BpyA%%!IvrPx8S1qDif+Ka|m>>d8SLU
z6Q>mE%6P(u$ecAS{8M-_L`?MhXmJ?j(^;hs?-rspy$YW~U}~0GYNKZNKRrHJoKe>&
zSvMeIRCaFSIf6*UiA{oV8q_UGBs82k-d!Ky1b7y?@J)z`d*lxvhhWgSuL2<#>FrN`
z|I)Ok9%t;LdEvWbiHYzOD?b>K1vU_B!_&fCZKsnoV=70W0q6r`c{*+LR=iwB`bEXE
zk_>+y70upqbG=2SE}Inc)0{4)uOQ}i)jgfSb7y-q;&JRVcpX)_ZZLwaEZ5dCi2H$s
zmB*!dTpabflPJSF@Nfyza;DIEgE5I@Op5fw^n8D2D030B=$IVziMx1ulh|o^9b!q9
zu-|Vx%(M8>mBIIVNPnp@y3_=iPZEJFQM;-rKk94xOOE^~*TaRM?ES=4sXIN1lR$b;
zQ(B-iUwhg$5{LnM!*(CW7l)b1h(={!A>?{VY|o?YmRR;PoUsC|pqkr6#b+%+-$$g}
z6gtKm(1ok>vbsh}i#&7=PT3VpE}?N#BRtOaMn|Z=rsESu5rdNXA-_B3yNgv{UtV;L
z=Pszf+LRgk-gtXpx7_67G&-*a6?Qv=QRJD;E*0rq*|?K7s=x4_#s$qG_fGXolZAlm
zZ*Z37Fx#J&d83G+Baxz#lZVRsl~0yGb3CJw3esch#A&N85(?Qn7oZ4bTL`{ZIWz(b
zf4WqDbyd~I{Y~8LXWu8Ji5mNqigBbo-74Zfb4Yr*Qw(WF8VXUA>3f<@PUu}YddQ-r
zZv}IcXD;A;Q{4!X+B8JLfBRDHTif};+?Z}3Ue!@?$*x9mVCt#pX4vU?ToM>e_c3Q(
zMux5;&i}Ma3xC#me4aW9zf0U1_kd8E-YxYJh;H`*e@J>Td)WZec^A_Z!GELc1`p0s
z+<XASFLQ)=B37j~qfuQ`*HC={3y;ycfJq(YNl5i=E)N#U6r1<L??bQw310>E;7lb~
zn<WGyhAaa9rox~o3eLFuQ|XIGBGy<FxKaH{nPH`Gnq7CpK9h{Z5M&y0X_{{H!(k%u
z#bDXetv&;Di+U>@LuKYjYH^>ISZ4!l0CoWKMn|Z^oQ`C%f@HC<t{pEaFB;Q0LC%Rk
zhhKGw!eyg0ChM!nm+z|d2fqoApbx^Lo4jm)NxNsU$B>j#+sF1=xPfBKVt7IW2&fgg
zyaf6k22fOF2^0A;&B_E#sU61!{P5_UCP}Jl*aSF!Un)+JrD>9Vm-?@{=X5sFxDB8_
zE1^Wfk;`tI_7PibDbCLO1PG;oTRKFMr9~~=ZQ#OB13F@m=L7K26ytlk_MHtT594i<
zc{#IX@@)ccklBOGA$-Y3wLLg;e3d+uo$!h5XaXIm0mrl!wd@if{x!^$_Z=>o=D^cA
z2@!E3W*-cwKPy<h{HfKCg%1i;G$F7t`T^U=W+oc}f-z>A7J1>!^0W-wyv5%C1j&94
zVOlqG`S&Jj8W}ZVE2mg&RkS~RGUtYu<5JN}C+)0-{S;;vb-h=d-NdRT2t?J2&VDXz
zre3!4&kY9Xh*ExiIIP5kSQ;CKY0NC!ca-Jx(grYc(sBYz<Dq#c-C%^GSxb*j)DmkB
z7Q%x%?F?C&--hBk1bF%NRsoh`NYWr$_n$5#;s!}pQS=vnd!N)S*h4K@k88QsdRghJ
z+_~Y=<&@ru8Ev7{VsZ7QS_Mu9c8F~Bb8!^uOt9taoSZ<t(eh|azsX0Sv;BO3+5Wiv
zn)h>WsCLx*;Ru7Y59nXuUREb#2;#%Yi6Bk-jY3UAK}#eGfdni<Cy+Zru>)=l2WR>3
zE~e_N)!l;Gs^%rkVYeOnN!&h%lUyo3fK7UPCzE>yn6Q=1zNVW&m-XRQK!?<H_v4SV
z<vSr9OaZ{{m;6XdslKJx)Y7Kq4{SUTwuWPeK;)-91om8Y<3efB=*WJ}Hojr3xwFE!
zX5iIS>uBd~NkR0wx8$;heJ8xG4Bj8Yw<G(dn$vk%1`9-{=n;CK{YB%tOQ#oJu<{Fz
z!1~YX8BdeySQLIm7d23GPG&hI5kQqP-Fq2g_y=)<`zsqU#8By#4~52?5Tb9>RaNDz
zQMXh0J(`P_N6dbP@ONMQVVJfI+zrP3$-ZAX$9)nhyj$oJ*zjjZh{UMPbvW5y$c=!1
z>DYjoPei~_uniA6hHbBEI*)Q{*^*Q+^eCaq2qj{12F(@1N(-}f_=!dFaOH|{x4Mmq
zX&DYcnJp+HHt{mmDoS2=&{N9WldaFHA4qGIcWU&Yu^Tv8cyxYuX_^qi?4z#w(BouC
z4%<zs@wJr0ImUmr;IxLz0(L7>K}G3Hf^i|brhC+jLlr()3WBeGn3HA*6a$q>*pXNU
zIk5gpXs1RlFna+a%P`m${Xefyd<_VUd<^T5C$K{}hyALt_F1y*5cqvGGE$5R1_k_7
zs|#ObjLah$Dyet=%&H8>8daFw$G0s4Vq-Sm=23eULY<?Ox7d9Z*VjpO=XMKsG8Y&G
zy01gWfmDO9bYjUg-gnavph^1p4j!2&0l<|L_Jtf-v;~zSFF8GDGveqh&l+iDqCKWs
zdg2}SSCq1$x7E3E5}O;^gPJ;K-l5hS*j=n}th5i`90g>KWIVGwffaRZ2Kghkz^T5g
zD8$(biLF<Kr#P6}`-D-5?{*U4PzVQwnU9(ju+v&^!>L|ZQ1fz$vpFDo(uXzVPz50L
z!zJ6%(!UT?_PpKMiryYX&AO}Ut9wM#xrL!A3ML=5ns8%viN=7Qr(pI;OXwoUJlW0v
zm`h+tVwqW8P-V~9i*)G%w=u}dOghb|VbVua{ud_1^ha1<%_!+imcO$_in+@fU292H
z0k9eEeAZ_Se_-)0Qwh0h86i{G8Ag6wOq`#Fz4nuVkH;{kKOwcMCqp9fi;hIbms1Ws
ziKsk6^}z<f{9(q!{EN_XjWa?%XA)GDFX=ylBaC5?Tt*(mZTzl$b1^+}1LrG4+0cfO
z?XL_&W~7Ky(DKF)#@gRg@x~$XK|z$WIaSiewA(-1_TIuo(Tyj9g6rG}m<?NBY707V
zF@u~o+XlpG=B{c6w2`90r)oyXd%amq1odlY@7Zdu^QDS2w`zu1BD~abgN5bU`5*Jo
zI(Aig{dc|^vxQH{?^jR-+tA9fG@7`Wr<GXq08H0Na6I<&HZc_{|55-iMj52i{@p|4
zZ-fQVThja-_|Lr9Yhc6IhmLW8eFJuY<q!a8;Y!iN@Xz!c3P6+LvN_W}?<PY4&WsYN
zoSq4`SaH8_7I?Hw*}pr-!o`5iX$0E?I?r3u3IHW?&=ThVU#kQaG&~xPZuUJ=8@D|u
z?3)c=b!YuVj1!$ensx<~3*kd3mUlCYO=fL<%JneX&4b@P)D`fqL}I5p@x%=wI>&m?
zuFaDN)8eOa`@gj=I?ptuDzMAW;@BnrUT?;6^$}-)+yAGsZyYvN|G?n=P4ciz3RRKv
z&m`(ZpBIC+lZ7NxLdOa-I2L~($kL7~j;h)ssZ|+R9Ri7_YM-eZ2T>D$GnmgUP-yE;
z)bT(GXFm^s`KJM(+cr${GyrNnV9ISHCwJuhpd954`aUCbm<}kGSgy9^3Bqxjzun!w
zl?$oRWkeYh1;)}ZfT}g!l+>rjqF~$m!)x-}g?Av)u$vMR)e2r}&t|e;gPsH^BSNCY
z2Vlr>;H*uXN-LgA!${{qZjZJ@ZXtFx@e*Fj!5B^s6bdK+ojU}KA?sHak#!w#MNx#z
zFZA83e>sLWV9^Bu1JxAJR)?nEr)2=+vKnK3u~a9SF_QI0`V9;}ji^-0RDf}fYz`sv
zx25mWJL5t#LOW?LOeuY;FU#T<20wb}OdncF@@PkoXz-8P+zVU3(XNCZ_ASFsHU46%
zb@*%Kehs>;HUSymEphR3k9?DLpI$#xnURPkbETzrPMb=hEU8}MYm$dR*^g319(9__
zo?H@>LmGyd{4N<z4FK5A^$?o|$kO-=;()zRf+kDcjs$62#nRrdmbSKBnzk}Ieac+p
zG~O(Rn=ICDI{l)_>bNAqNz^l?5%TDx!g{+ZETKoje;^m^t67>!TrKt@I5bKg>V7u>
z*yqU-9u~$#>AwJ3MoB2|RV`s&a7i{QQ@(fEpyDi?^D6w#TMoIrC0JLbR7~Y<%M)R6
za>4O%H$cqfDW|3le$C;JQl=gk$7V+zn<-kX*ILlu<|zX+?Rr3qO6(O|do)SoY&Tbu
z07+TY2LVf=V6}pT`gSCfFbMbQL`hxEu^_kOS=k@Q!L=_ndo_n9gQg_g*ZEeeCo=<d
z#dCwhW%*>%q+V|jOPXu)-_5lzKQ1XeER{(IXX-GnX6iFaD5P!sHYhk{eb@E;;w~$L
z|8R6rhyQI%$k`t8diylGW*OyhYuIK%z_k7-?Qm-{lfRVl!@ZT2o?|)K44gs}U(nX3
z7Z2f15y;}F+FnK3UJ(ki#ChLO(d+x65qG4#=!aTz+asywajgI3!P58c-^?zz?WX?s
zmq{!5x>!wr+SUZ?*;|e>>qBhYeXdR2vn~^uD@zkF+mKDZz+0IN|EhDG*IyVKo080$
zF6p(SMVORozZ1FX7iIDMvGST;q<svnG9`*7oq}Lpw^rHH!^xR^^*zec!m^(jr%A|x
z*_%~TZiP5k0kft^V*G*CIXk*PAZ?HHd(J}T!*BB#?QTU*&5*)R{2OgsKRSI`#uhRB
zml&FOS3harFg4bG{Lwqh0r0w2JwC)Ddb2v7LVN99gB*@qyCaZjq|0ANP<!8}IZg-G
zWV){&kuDGH2)433PhS^HWi9GJEZ-3wkjfIXF2MOCD@)znmnk5ua7(adhGOGM>ta2U
z`H!5l`cOH|zTn*ch5g5I?>ndI0}FResDgiVIyGb!8J&!1fJy?`(Jy>r*lM8VJfL0*
zx0{N0C8LWPiHb`e1m^|QsOo&wa#k_a-`^cF^t69v$MPIJae6pk&0#u-d%cz)leSDk
z^}{^dbEWsT$p>Mupm6ylBSqh1MhH?;oL$}DWbD*f%x?3|liC5k4QYSh<Vpc{Yq6{{
zZh|g@VCOtx`7*vb&^BI4hK#5w3UuNA%JUwb!>E2)qW;%QT`s|~Gvwi0#0r73*Nqpw
zpETFMX-3!)xNu9asKX;%*Hz>eo&KT1)g1Y@-O&T~ZVw{`&+i~@U1+B?-@Ev|yYt9<
zVvA~kq&x_|eglPZ;3r)seFB|)vOMp~*I&y5U|&a4=lePsn))MQ&!Cg~S^-k$4Uy;+
znq)9lx^0c@)zXghd*cO-%QqV+KJ4-WYE!mNH1R{AL-(lGi>6TR`&!FVFoM)lxFfrv
z6*(q}3L_?FNrIhA8jf<JB9DZxvd)!=E$S#UOke^YerDmF0iRJo9nZihW1Z7f#wKk<
z?U^$*M55Z|uDp)p5oxN#Rc-B;PctG7pT2n<#3`Jd6b0E&wCpkDWN!6VQBB{0KN$ge
zE4bsTGv;UN)R=|irxec(_E#PQxi{C9N|R^P$|fu2^&dZEXs#5d`M1A6<J~jVGx&Iw
z<tin^I}_^Cv|?q$e}W%3Gg{_!;Owhgm${UCd%$+cch@ZXP^%cVRM5v@{^(YOc5PmM
zgKQGc&^_7|UEf*AX_ECzD(j(LtJC*f_;=Qq8nbM|U-Fw*j^gAY2Y<>v-Rv);C;v2(
zsDIqO828RQsqj2O^El4IsF6M*tmkRCPU37);Tf~Em!FO;@-Q-GVwNYbr)o+@=)RK8
zDMXG0?GqGlY2ENMlZfDI93||V3}1=fu<B6hgR#R$w<_xQO^?U-Mit=>+z4DK&`c_*
zikq<sma0b0VcZhR^sufM<z2ZMBXtdR$5QH8zHVBKB6c~+_=QK~`NL_2bxg;I*cQ_9
zJ{sq4kxR5^xkQRUPo-F%ZYI_WBsDq>)^ONLVQi0l#^+BTCVECd+CVg!Q<KZOu1FO<
zyjy0(NPk&Hv+>UJ<+3cWS_uRwYnstJo-d-sE3GDwKeINDf-j*r#4~V#9sbF{s^T1n
z&MRww<mpk7cIQP8y1k`J{RF39jlLrI_!|XJ5f%-aFu(RGj@iTLs_Dy{9W^Jud&Qw*
zwV-~X+bb%PJ?nA(FqvyT7cgaX@g~Ow*o0rl;wvoF50{g(qvzX7yz3`R=l?^@PdUXV
zKjVws6W+4;4#e<<j}x4mPY7?E2dTCxuWZInMj>n8TRPXq-ke1?M-zFCq^ns);aHRT
ztts3<1&8enR_R^(L|4i0MtjUx?2eJsg?GO7FMR~_>HNj9{NlR-VHUD+v37j^Zts+u
z4E>eIOsGWSd8Jd?oEee*jQ1bkaX))Z52^NM+Eh=JJ@Xl0UQ+|{c+Anb^cg5}0N+m-
zLJD7b{!YWGEC3?2xBFC{7kEvcWU+BupP}nk0ub+nhoVZJ@#nxBK$eRB)AP3+2Iv4Z
z>Xl5SEdO^2H#QEC{fj4_w8p*%Fz_`KZ&BJ`R6|Y$$VTRXqn^*Q0sow8+WymEX+ZXs
z*u+0NTo`ci_V=Y!t7qsM3CMB;<ncbAc|93#-pD@l+_YDKtSOw7-G3VT|Gr249}%&r
XJyA_R55_!w3rto@L9#;JAmG0MlXNbQ

literal 0
HcmV?d00001

diff --git a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc.md b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc.md
index b5cb2fbde1..29bbc001de 100644
--- a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc.md
+++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc.md
@@ -105,7 +105,7 @@ curl "http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
 ### `sagemaker:CreateHyperParameterTuningJob`, `iam:PassRole`
 
 An attacker with those permissions will (potentially) be able to create an **hyperparameter training job**, **running an arbitrary container** on it with a **role attached** to it.\
-_&#x49; haven't exploited because of the lack of time, but looks similar to the previous exploits, feel free to send a PR with the exploitation details._
+_I haven't exploited because of the lack of time, but looks similar to the previous exploits, feel free to send a PR with the exploitation details._
 
 ## References
 
diff --git a/src/pentesting-cloud/azure-security/az-post-exploitation/az-static-web-apps-post-exploitation.md b/src/pentesting-cloud/azure-security/az-post-exploitation/az-static-web-apps-post-exploitation.md
index 026c9f96b0..66591865d8 100644
--- a/src/pentesting-cloud/azure-security/az-post-exploitation/az-static-web-apps-post-exploitation.md
+++ b/src/pentesting-cloud/azure-security/az-post-exploitation/az-static-web-apps-post-exploitation.md
@@ -33,6 +33,48 @@ az rest \
     }'
 ```
 
+### Read Configured Third Party Credentials
+
+As explained in the App Service section:
+
+{{#ref}}
+../az-privilege-escalation/az-app-services-privesc.md
+{{#endref}}
+
+Running the following command it's possible to **read the third party credentials** configured in the current account. Note that if for example some Github credentials are configured in a different user, you won't be able to access the token from a different one.
+
+```bash
+az rest --method GET \
+  --url "https://management.azure.com/providers/Microsoft.Web/sourcecontrols?api-version=2024-04-01"
+```
+
+This command returns tokens for Github, Bitbucket, Dropbox and OneDrive.
+
+Here you have some command examples to check the tokens:
+
+```bash
+# GitHub – List Repositories
+curl -H "Authorization: token <token>" \
+     -H "Accept: application/vnd.github.v3+json" \
+     https://api.github.com/user/repos
+
+# Bitbucket – List Repositories
+curl -H "Authorization: Bearer <token>" \
+     -H "Accept: application/json" \
+     https://api.bitbucket.org/2.0/repositories
+
+# Dropbox – List Files in Root Folder
+curl -X POST https://api.dropboxapi.com/2/files/list_folder \
+     -H "Authorization: Bearer <token>" \
+     -H "Content-Type: application/json" \
+     --data '{"path": ""}'
+
+# OneDrive – List Files in Root Folder
+curl -H "Authorization: Bearer <token>" \
+     -H "Accept: application/json" \
+     https://graph.microsoft.com/v1.0/me/drive/root/children
+```
+
 ### Overwrite file - Overwrite routes, HTML, JS...
 
 It's possible to **overwritte a fie inside the Github repo** containing the app through Azure having the **Github token** sending a request such as the following which will indicate the path of the file to overwrite, the content of the file and the commit message.
@@ -64,6 +106,77 @@ curl -X PUT "https://functions.azure.com/api/github/updateGitHubContent" \
 ```
 
 
+### Microsoft.Web/staticSites/config/write
+
+With this permission, it's possible to **modify the password** protecting a static web app or even unprotect every environment by sending a request such as the following:
+
+```bash
+# Change password
+az rest --method put \
+--url "/subscriptions/<subcription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/config/basicAuth?api-version=2021-03-01" \
+--headers 'Content-Type=application/json' \
+--body '{
+    "name": "basicAuth",
+    "type": "Microsoft.Web/staticSites/basicAuth",
+    "properties": {
+        "password": "SuperPassword123.",
+        "secretUrl": "",
+        "applicableEnvironmentsMode": "AllEnvironments"
+    }
+}'
+
+# Remove the need of a password
+az rest --method put \
+--url "/subscriptions/<subcription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/config/basicAuth?api-version=2021-03-01" \
+--headers 'Content-Type=application/json' \
+--body '{
+    "name": "basicAuth",
+    "type": "Microsoft.Web/staticSites/basicAuth",
+    "properties": {
+        "secretUrl": "",
+        "applicableEnvironmentsMode": "SpecifiedEnvironments",
+        "secretState": "None"
+    }
+}'
+```
+
+### Microsoft.Web/staticSites/listSecrets/action
+
+This permission allows to get the **API key deployment token** for the static app.
+
+This token allows to deploy the app 
+
+```bash
+az rest --method POST \
+--url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/listSecrets?api-version=2023-01-01"
+```
+
+Then, in order to update an app you could run the following command. Note that this command was extracted checking **how to Github Action [https://github.com/Azure/static-web-apps-deploy](https://github.com/Azure/static-web-apps-deploy) works**, as it's the one Azure set by default ot use. So the image and paarements could change in the future.
+
+1. Download the repo [https://github.com/staticwebdev/react-basic](https://github.com/staticwebdev/react-basic) (or any other repo you want to deploy) and run `cd react-basic`.
+2. Change the code you want to deploy
+3. Deploy it running (Remember to change the `<api-token>`):
+
+```bash
+docker run -it --rm -v $(pwd):/mnt mcr.microsoft.com/appsvc/staticappsclient:stable INPUT_AZURE_STATIC_WEB_APPS_API_TOKEN=<api-token> INPUT_APP_LOCATION="/mnt" INPUT_API_LOCATION="" INPUT_OUTPUT_LOCATION="build" /bin/staticsites/StaticSitesClient upload --verbose
+```
+
+### Microsoft.Web/staticSites/write
+
+With this permission it's possible to **change the source of the static web app to a different Github repository**, however, it won't be automatically provisioned as this must be done from a Github Action usually with the token that authorized the action as this token is not automatically updated inside the Githb secrets of the repo (it's just added automatically when the app is created).
+
+```bash
+az staticwebapp update --name my-first-static-web-app --resource-group Resource_Group_1 --source https://github.com/carlospolop/my-first-static-web-app -b main
+```
+
+### Microsoft.Web/staticSites/resetapikey/action
+
+With this permision it's possible to **reset the API key of the static web app** potentially DoSing the workflows that automatically deploy the app.
+
+```bash
+az rest --method POST \
+    --url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/resetapikey?api-version=2019-08-01"
+```
 
 {{#include ../../../banners/hacktricks-training.md}}
 
diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/az-conditional-access-policies-mfa-bypass.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/az-conditional-access-policies-mfa-bypass.md
index b1a1ff429d..1ded8ded5f 100644
--- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/az-conditional-access-policies-mfa-bypass.md
+++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/az-conditional-access-policies-mfa-bypass.md
@@ -44,7 +44,7 @@ You can change the user agent **manually** in the developer tools:
 
 <figure><img src="../../../../images/image (351).png" alt="" width="375"><figcaption></figcaption></figure>
 
-&#x20;Or use a [browser extension like this one](https://chromewebstore.google.com/detail/user-agent-switcher-and-m/bhchdcejhohfmigjafbampogmaanbfkg?hl=en).
+Or use a [browser extension like this one](https://chromewebstore.google.com/detail/user-agent-switcher-and-m/bhchdcejhohfmigjafbampogmaanbfkg?hl=en).
 
 ### Locations: Countries, IP ranges - Device Condition
 
diff --git a/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md b/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md
index c31e441aba..2c626cbc1c 100644
--- a/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md
+++ b/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md
@@ -5,8 +5,63 @@
 
 ## Static Web Apps Basic Information
 
+Azure Static Web Apps is a cloud service for hosting **static web apps with automatic CI/CD from repositories like GitHub**. It offers global content delivery, serverless backends, and built-in HTTPS, making it secure and scalable. However, risks include misconfigured CORS, insufficient authentication, and content tampering, which can expose apps to attacks like XSS and data leakage if not properly managed.
 
-- **Routes**: It's possible to change the routes of a static webapp by modifying the `staticwebapp.config.json` file. This file is located in the root of the repository and **contains the routes that the app will use**.
+> [!TIP]
+> When a Static App is created you can choose the **deployment authorization policy** between **Deployment token** and **GitHub Actions workflow**. 
+
+
+### Web App Authentication
+
+It's possible to **configure a password** to access the Web App. The web console allows to configure it to protect only staging environments or both staging and  the production one. 
+
+This is how at the time of writing a password protected web app looks like:
+
+<figure><img src="../../../images/azure_static_password.png" alt=""><figcaption></figcaption></figure>
+
+
+It's possible to see **if any password is being used** and which environments are protected with:
+
+```bash
+az rest --method GET \
+--url "/subscriptions/<subscription-id>/resourceGroups/Resource_Group_1/providers/Microsoft.Web/staticSites/<app-name>/config/basicAuth?api-version=2024-04-01"
+```
+
+However, this **won't show the password in clear text**, just something like: `"password": "**********************"`.
+
+### Routes
+
+Routes define **how incoming HTTP requests are handled** within a static web app. Configured in the **`staticwebapp.config.json`** file, they control URL rewriting, redirections, access restrictions, and role-based authorization, ensuring proper resource handling and security.
+
+Some example:
+
+```json
+{
+  "routes": [
+    {
+      "route": "/",
+      "rewrite": "/index.html"
+    },
+    {
+      "route": "/about",
+      "rewrite": "/about.html"
+    },
+    {
+      "route": "/api/*",
+      "allowedRoles": ["authenticated"]
+    },
+    {
+      "route": "/admin",
+      "redirect": "/login",
+      "statusCode": 302
+    }
+  ],
+  "navigationFallback": {
+    "rewrite": "/index.html",
+    "exclude": ["/api/*", "/assets/*"]
+  }
+}
+```
 
 ## Enumeration
 
@@ -41,6 +96,11 @@ az rest --method POST \
 
 ## Examples to generate Web Apps
 
+You cna find a nice example to generate a web app in the following link: [https://learn.microsoft.com/en-us/azure/static-web-apps/get-started-portal?tabs=react&pivots=github](https://learn.microsoft.com/en-us/azure/static-web-apps/get-started-portal?tabs=react&pivots=github)
+
+1. Fork the repository https://github.com/staticwebdev/react-basic/generate to your GitHub account and name it `my-first-static-web-app`
+2. In the Azure portal create a Static Web App configuring the Github access and selecting th previously forked new repository
+3. Create it, and wait some minutes, and check your new page!
 
 ## Post Exploitation
 
diff --git a/src/pentesting-cloud/azure-security/az-services/image.png b/src/pentesting-cloud/azure-security/az-services/image.png
new file mode 100644
index 0000000000000000000000000000000000000000..fc9c66aa016b99873dfa413ca91e2ad934dbafb5
GIT binary patch
literal 14254
zcmeI3WmH_v)}V3sKp?n7aF@nCgg_v;y9al-;O+!>0t5{NcMa|k+-V>*8eHa(y!X3z
z&HSA;f9A5f=_9*rSDo5>KUF7OQ9%YBg%AY_3JP8JjpPR?DClP3cn=8y_-_%HNB~^W
zvXqcel$DSmS9G*9v;1fZ1w|k464xdt?tmLYCNF#IKe$MkncqqI&T_CXFy9`F@zy`^
zaF*$0YoJXUE}EGeKEO$$4xalHvzVW#wjvgD^dv!J(#qKE5EICrZ`{L!pIFb{ldFh>
zg*=0i;PeOkTK8r`)eSPDZL`B<$$oJ}uaQ#C2{%!>H=}K72K1ep16@tVv4}w3C20@h
z^y*&6V~CY(@jKn!jEmgLC>Xx`?wZlSS`Y2U;kc4dS2has*Mqx~(X3_JKd&24>g_|@
zi)n(%K0Sn!dEO$La}wR|VP0O@lrAqvjVSDs=D))-_@o*5i69}`@4l<dFH<mr8EsDX
zn=~{Twi52E58cY!6R&z%iQ~MW#a+ib&daTf15c3o1`ZZ$5y$pAy|m^%)pH+6SY(pT
zEY?avLo7}%e2QChIE|4hzd0~R9~7IueVtD*RgKBpC#@VJJBKwo5-l<;0+g+0sv&D8
zFAv2493w$Nhgw3x0Y}ilmk{_uLBS@3Kp_IZIKWpj7v^7gp__AI|8)$t_be!;EFmik
z{3;tenwr`=S=c!*)+L7mS<P9hXgF)gzXKWD*{~Rz*cq9!xZBu2CxH@l2LXpRrp|`s
z?lvE7oj~qFlz${Z!142CR!Z_eBF@%Alp6Ai<Pvs{rsO;<Y%FY)!YJhA<bsYSW}pv}
z(*Gm}&V(o}oSp4KtgLQsZY*w`EOw6OtnB>!{H$yotQ;K7fCRIXhpn@rJF~45)!$71
zm5-#Uld+?vy|bmAE%|f4hDLTS&O(%w&jtO@-`{$gx?BFcBwMF{ngukF_4y7fI}01@
z|KtrM6@0!5QnYk8{irEvX#=PSC_|WolU?wS{Qq(1-zEM>N{xS~<l^G^&y@dh=YLPB
z>SXFDVP^vr=`8&3p7|&7f8P8jp&;vX%l|_Yf7SfwDxha!6hYSi=`&%JoW&MwC@9Wh
zSxGS!cj%)m#56pqxsY+FAo~1#a%ngvcBZs>;<?Oko6WmX<&S2%^R2s?R3Y4Z)dX|g
zd&E$%UyzK%m9UU0VW*#NP~K~=O#9f4XT92U9e2w%w{=rjS5<FQ)h+2R%}y7UqNf&x
zdHyIW!W^NbvzkT1z43qk5JNM7)ZlQ)p>fCq#9!p*GdiDgIQ^AXasCSX_b8ZFR7xGZ
zX}bG2%@?o+;@=|_dH;yYiN4{HcqrsJC}hRS8VukE_~52P;pyf@rhcXZGKR*<%{L}_
zE&>{do(r0xSsb60Q|3=~M5P8m|5VHZM#VXpMb9keZ_OfNT>ez>P3{ET7ch!$>j?34
z#&J-1B!_>Bh!f2N3dC!6|IGiV`anbG{uJ@whWxunoWCHzb=;ptdf)Dsob9CQ4>dY$
zncVE8rd}Q`h02y!R3yW{)DUfUJtAyAEd(KZUrfqy826*4Hf9TX4GEr)C}$y?mZfKP
zrm-7um*n_5o{sUZdDotFqw?Ny5>Ozki09HOmQouyg?Rj`889iY_|8DIvl+?Cf=K3F
zP3*B9Kb0q;3I^9&+FFx(UVtgq{GQr|FM}|J>6h#}e6%Gd%+6c(vb~0E8di4C{Ccrv
z25C}trpz?iwq~Ws)fYF<$3;@NVgwXceXew`#Fc)ks+%%6T7_VcFf^?BwhV7BJB>3x
z-S3H%)3(fJelH8?{ZwZOqgo37zU(NszufeVk>H(m3<0~i@XdB&buOg+&h|6EQ}MFL
zUKa7sU={bN1UTWlUz|<rfvDXwDv9~!yLG{x?&2^NZ*m#%R(!5j=)R2$d%>Z4R@@zT
zbhQ4S(;g%7bzSu^zrsHqMEyJJa88i6`wwdUo*vImdNAcuS#-O%mpnzm>sbc-4pW7)
z*>acDrOGAE*v6Mw-@MfbD{IDo9QbYahUXc+nPY1gIVmqMKhL7v3+tdsb!WG#szZyP
zaNL)<XUn$uA(*RRpq7tgY4tcP^g>!f<mujt-!A;B<lX0~!scXx*CevJ!ARTElN3*=
z%yo(;a910lWYX19WFmSB!Z#*AKYkm9JEV6S<xcJ7GYTbfjT>fZ`MMp6Omo}N@gRSD
zvA<O;U-Q@iX+9h}9Ux;}1C+eY|0reLjZVy`IHzHZe&yDK&U-!Cc#bK2P2P&>Cp#{5
zwd^DzGMLCZUGhFv+qOw+PS4Axw6xUWWo)&ERJMZPsbqkvPJ(}Gk@a94Md0LF2$3!L
z+K}*Ps=B_9>i3^!8En4xA^MH#lx!L`=48It8!QoY+3wvt(5C(zy=(r^u-k1{t8(6w
z##5N(tAO^kZ!eDyi`xu;ELG|XXnO1<@068SCj3aGlgSP^le&!&x?BirDSD-|73d5B
z#490&D84cLyY?OnUdL_9=LQa)aeE`2<7m^Ntp)d3WJ7aIS{oe+bw1~#ybuzx%r8Wj
z*&l0v(4OTy-47(hyAyL;B@sIgQn0W(jq#VDV%ok@_wn&DA^;_bs$xy7ek>m@h!sW|
z9zS{S)m3T<dbpUD@B=lYK9mN$tsbO|{B(7H{mUE38<X~38dgZxkE)JG!Y_E{KkR{#
z?B{>&Q%b!oOP7T!Y(6c|`@6tt4`1Kg!JW*q{c6>V=vveDr>TTU5CS^N@!=rjf@!L5
zw^xe!Q<yiHCx$I5%fH}eIz&J)bP0jzqrqw*@Z7LCj(0Dd4l!1touIX-(Yy?i7ihX%
zw3c{ctf>27zi3$!JpVG*&->}&ibyh<`=LxSuqZ{V%;f&?>o<kmg5;A|^SW-jvQHo%
z(%ZftKn?Y$M9$8D$5*<0A=vdJOg$6JE4>Pho(paso3ibpcB;J`zjhirM@fy2j}IJO
z{CvOK?;wVYvj-eF+4$5G>2Pc|(+5)oQYCGhC#K>B@M1mNysqx2_R%4n`@t8SU#D}h
zML<%7;6X;wpuJEjZ;%m6kQxq4C4FwDcL3#Oj>mcc;%x&gNsTllmY9EPWq#E;cZr4a
z3M;k>ms!slq5bjp@J*|O>n{F4H1F!djcVjPLX<;?%GSJw)Sd`0vuz<6%5W;v{=DT}
z@2&q?jELJ|MFYmL7J5#mW7OUY7fe4;5EiYJIRPP?_^aNWfQ#-bR?B_44<lbP=+FBL
z<xA*^w#huStSjmXx1TCoAZLj$-(~PHPwHoekH<%_1jgZ4ydzhSfRtCYM{rStSH#)Q
zPW5XC$ovE+UX!|EMuYBeu1+`8e>HB!YzSrE4auMzbbBE^Z706hs?JTYZ&rH|K2Ao{
zf4t#g@y5IBoS6)KlcD3#hnFV+IsU$6+Xc*NhqhEz7L82AF<_|NJg#s?6nYKie4gfT
z-Y`(xOE6b%Bus(i1^B^yz4e0>Vo}BPR~FkS>KNf$@SEjRC6$zmfy2&Vd_4j%SCJP2
z2n)ph$^)U&=UK0mR}Wr%h;)9^&^w&KOguq!wiP>fe->2Ye(M|o@^=g*|CrfzSk(c6
zY?SCMuG0xG`t5!;U;hPX87s0jL`JG0^n2#bYS)?>f+C_K{-)`BDc(qCzw#haTU?Uj
zuWGt3vxBI=CnPZWBU1G|Evs)2%3DOZupGn+);q#j+b%wU`;L>v4SV60i@;)AnA0C=
zlS6tex~3dQx#u;UOO^F{LNPHPuF+#E&4VGnRb&N-$_jaiLeThLEHPGXgsYc$eYb~I
zWUe?Pu$$*SMk*xu^wHNywK!6tdv{srf-=z@FuIIr)BYE?A6Op1zpnQ~DWg$A(x>Lv
zB>9d*a2~&NHc~T$P;J|DSlh3=S0YMS!&%d=sU-B{ljMj%LXS=^+A%b*1@rIkJ-6>p
z1^7=2q=gOn1b*6eJW!6GOq=_<QwPjZDkeu@pksJOU-vYvz4(sr8Y^^ZF+rXZ2<8oG
z29tWOxGvfB;N$vE7~G)ifZ1I?Sn_eZBjtp~r-pa%1iRo2)6E&a%Y_^9Ia%)-(?o|8
z=UqN0qDKv-n!{ygim{5rUcLO8>9*>T*ODdr`qt2<&h+Z&dXOqs@?JF`yz0J%9?9b9
zeRtGA<#1<7pZa*s_3d@qAne5^VAo>=VdrUgl8~jl`Umyr>rPxRN~UMidie*YLpkJe
zM%Z#6*N-3XjxpPS<{o@1LYJ8drdH}HpCFs7pa4T%8*WXfzZ}ODxyL${kuo=N|B3*k
z+7yeC1II{Htrs+FbU#eLz*l}~a0bjZNMDByK#yCoBF)F<#h*)irall^T=8881k*~+
z4`=S=5JvMw3hsd)R0tJ_y4X?xuK^_ZbnN$ZIOcLY?6Zre?;p?^%aflUo%kg$$f+kb
zhHd3$p~hH(H<PJh*)iU_1-wvG01gwaCc}mimaV;*lH;`}<@u-qE`BQ&*H0~WFP~g@
zF)$5}IxB^*Ti3O<`MBOS&N!8Wi}AQ=_+a0t|MnzHEzvy3XHHXRvEHw4yrAnS%WW0=
zh)rq=@v85oHd-jcRF%F+m%g!7$vu_W)Y);#QT@E0li>+BrM~kFL_cKj`a8{m)V*dN
zVs@M;BhKLLB}^6%c2+TNJx>%pf0|Cuh}RFAROh!FYfq02g1={!ZJqe_X1Hh&As{Q~
zx14$iYz_nStZJI3cqM|~MKekE7VlgZr-d-kBP+MUv;rd(sz41#-<QUY@KmU<+|c2}
z?z?`i!M(*W+rT=K&G;s830V<vJkq~L_n4Z4zy2*!Y-4z8O8BBTpaNAkVNR6pM&40E
z!cxCCd@Z!ap-1RRj=z1a@Zv7&Z4p^CH*Q`y+1T<_j6*j4QlW@QtHbY{g6Z>8?}zGW
z{;MsS#zN<=QT(Omps@nhq62lBw+pcud(;yj;L02&OQu!gSqluf0-yB!+XQ4C7Yswg
zD|4i54Yxl@qw9|k<V43&X8X2u;;ZMLIG2qcQ3NHN!|QK{Zcf5`pURj3kMx(xsd8l(
z+ni*faa>~QB*i(!sq610zpFRwBALIl9p`m(B1VZ<%P`40H?un1j`#(3`cbe=T8aqR
z*hlfEpbI8BbXq`pK`X5~1hkO(Eq>u3#h9Oa-Pu%`xDiLcAhG8bL3o~nU%fV(`fUs}
z+<`WpCz_&Z_Nu{ceCW0HZTA~O4;(+csi}~k&?5=Xhja2~88$puN!Nbl^r{^*{zdVx
z3*2z7jgeG}@_R1c+`lle<YQZG0zAy_B}ENI%JVS+J8%fAa?%Iqldyh-49C+@zM6gY
z`GM_zB0IFLF6YuJFatWGsaXWZ^w&pvleXV;PUA}!1<~DmMxd9|I<yP9Hh~!atcpW(
z{<o0pp^#|8jhN9Z&Ayz3Pqkgehme&PUZj})-eMGKepxEmdm=jh$BPn?n^c<dhgR`;
z3d~3F1k6A(xiC+h>b<!Eh{KY~LrVvhrP070b-xG9w*Qmh^G_ty`<i`$$m`RdCuF+J
zbzGa2>eJ>6z=5NiWA%onwMoj_;lGf8VU{IVS5B2BXDiyf>Yhat$lu077^0SC3*_5P
zGhQas^Sx7f;aQ(1-i`bEkvZ;1hF$x<0wcQl=@+H&tRYm^R`O<&ZrwZO1dG86_Wp~a
ziVZ_6n?5{sw4U-j1u$j|5C%AHsxzG6q3h2ijCC-1km~cECwIX2rm}D9Th(|)^B4C8
zD1@@gG1YwX(>x>AXFu(GL=89&IoGyp<KFyK<y(k+c8J<8Z5+rAdM87NypUJ9F<#s=
zuj4ctrp~PpuCoL`S9}!7WYuaih8}ZTSMhz(3R}cdzeX%{Xv(aWy;d1Eo$dbjynfEL
zhu~pjFsX+)%&cTCA(Ii|H$%bf)yDk`{=Li>r-2W`4(0OSnpGr{!-@#L<MhJMWohX_
zFx7J7-uB!$7z=#rvmUsf3xmbr%MHlUbz7N@?a#8_!aWW3k$)8CC)tsLl*2@8d@Vae
zJ1$^KpdQ2W!jm_+g=j}>`7+crOKNx<!fT_D4~8=2viUS(9xChC7K*fUOC`sX1%Fek
zcitk{`*m#C>vMD=**(yJWFYYN9#!Ov+asrUxxyOZ3ttuFkkcTsWyh(tX-yWJu)(!k
zXg#3Z<@reslk*O{<VZ~V>-~Nnd_PpAgFrvBy}D*N)wlInUxtq0PZ9Eonf&~)^*Fdb
zm1H_bEKwiw23~Tc=S#Fcnn&7`Exo!RlWrDrdVC49d@k}s)sk;`_?3C)WUj-+zHG};
z3>!rQ*OHRVM{JQsC|18i=zH<cM=i(g;rewaR}&Pi<Mi^Aee%brX!If{XFb{=hp#G=
znzuE3ST`qIy-f=7lt1&X$KT6|5MH|LeBlMZyS^L15=nvqaklqfby6^W4*-L#z|4;u
zFomevZ%+0buGQ_Tc}G+0F7lj;4&$*A8ZYtWQ|k7UjDsA-(@#wCJ2*q{saBd_;?uq_
z@gypQ_MQ6vNRGkKj79do%wLoOSNB6K4r|84Mmd(RF_;nbOEZG;E$SXwP58WeXL86l
zj`{r=HXnD4sS@iT*CmoIDw%6##?dgcmWc{nbm7zOlC`lds#l+`eipt)xt_Kxf0NFv
zAYerGz3LrdIam?nl+{^d*|jbfj$DXVb2`??qFq07T0}e?JX0q{LaM|gTVPMLlOYo&
z{cxQymZy;?xEUBrnIuP+WbaL8Fjv<nk{Or8(^$HpENBVQuCjdGAY~O`XhuNVpNN1f
z6QAtEQ(X+1`;eK-w>hos4*fgFv>AQf7xvftJ8}hjwvTbqSD8ofb4MuQv6WoJls#^o
z57IVOZI^GorSHpe!?S&zdSwDIg)Sy~L)4-zV043I(I6!SN%<1%fHMlpANhLPGjGW@
zbn=QvZPM@-BS*Za?sK2DOmDfhwY-9ea7#+@J0*nE*FsMLX$S*Jg+<5%jrl=-@9J-r
zgLla?*@Y^shkWbeojyjzj#HBhCQ%K&T<d+8@YS-%3x`Zs>-PSA6^#&VR^c@+W4Dpj
ziyWo%lEqSR0@74PJ<`m2mzE|fRhc(jieYtrZ#LOlKD!+4smNUQ6~=~vgPGafPB#$t
z>a->=&$G5PMz??{lN7Q*P3TkYcvdtHw}uAE5jF_bFukka^x8b7F1c@ghqHRXU1+`r
z7Y1`h?jZ~$<{QW_+&(&3eAG<w<QYQEXss!NT0*K02iaii3zDX7EJ<5wa1|dhPyaTa
ztQRofKq?<;4E`vn_p~?_dW&}W)_#mqa~i?;)ixP|M)k=|jN~qdWcCU1eFoVt-BBxw
zESiVs2~#ZBKBAI_oP8{XDy|r;1qqM(4EH9t0(<b`GVr^a!3gUg{v^7Eq&UePgYT30
zheB;fiK_a(qA^GNyiAMLxrjHnOa9ovmw`nSlmOfp{RA}+rsQ)M`^(<AU^1JTw8A+=
z{$e$3fOugOxBdgh2mvsbpG<!)@kbVmLR1RBtLrah2*}3<$lQMu{#QBwmq$*(GJP`u
zVZ?yoB0B%n+}BZh9dHD&@0F&IXJ%)AR2%ku5V}7bW<A@@uzQOISL*8?1ecyDTF%%E
zI3=RH>DDX&`-unqa1{X4F#6nH#23VX-s<`MR{hLw97622>@d~l<;D+q$Qhi+QIT*Q
zFRmdi$0nWr(9aBU7>GBs`E|6<-2wFU1HdM90JCwknzL)#d8uhrKl_%UXQs1N3<eL&
z!bQpr0E|P}GQ=ARzJRwr6oyTuV|NUY#JKu7Ejd!Zdk6lf`*YLZv+7mkUbC-Ex<4U1
z0-=(+`DR*~B#e;fMcnjzk(HIhi9CsXGQNE594^Zb2M?61?pG^r5<4A$=Qj+rQI8`7
z%qDm-AyNCQb{L4JGpHwY;IwonDX0i4#1<Ruj$^>sM!1OV!4sv*bZ#qYWbg6{<zq)O
z`M<F%ac8VObH4a4fEDKOkJSm9#N>V!)B^p|U|77py`5PCklFjTR5cb$NGZ0eeb1Sx
zj0nnh$@lMb{F*|)kGJk?21pZqE`Q1>9;Y)D5hO<nynfi}E<BZYYPc2#$Y04qe>9P~
z0>|C2Z=rj#bU=-(J~phl;vBOjd8r9jzCF|^wLdjKX(o6!H#B*ff*!R_kmV+)DVxt6
zrV(fW(o4~{<>%e;IPJp^eSBu9fPQj_USIzDsa)B7P<FBkAi5n0iR*%4Z9k#)VAEbU
z(dr!#;m~D#tPRh2y8__EZ2+;M9{0VUx(AR$L2VC)KqJC&J`k2#_Ne@dqma<SeKW88
zUWf*$SBBT)yuM#nI{sHVJ%DjM$8p0zcY%vt0O+*x=0hiRGy>np`dKwwNi@u~U0vUs
zofR;_{Bhe=_ApU*&qM3^nA3E($m4Z^9IG_bxbWTA+%EB0qWSepVAKo&9FmI2wlPl!
zAcD0(OgH#Uf&scLl#jjxKv36Haz6usal!LOKDK1jKs`aoF`!*r&)Z~my&CPaDLK|3
z*<O&>p~Q}1a%;fAID*h5;}bd-!YZ#CMAvCFZCnE}HK+lI3YXZ$Bo&1XV0gF5Hbid0
zR99#tl=oX?PjPr^8e#xBWl8Pe9OLU*k&r?4K-^k!TU%+Oc`z77zNa9vYpu!j*!>J4
zwv_PgA~AIaC=819h2@8c$?Matl_c`byYrkUCb~@fz%<8BToLI^`WBZt&4HS_`rZ%6
zZ*lYsnMYUNU-gE+(AA5V85#1AX9YBuRsM~hZpIDi48yJP38<v2?I3Il1BTFr;(%vK
zma8M=G^cou{bUJ%hs*D<Q{LG7j`8n>&DO_L$utY*LJGc~#3-YPixNevr4F-p5SLGN
zy?8IUF_q71G11}Yw^xkP-Bi)>c-vK+VM|!-GR)k71_6Mqs8@Rzz%94$tqKkxRKL0q
z$$pJ(AUYhvG`0wz4N}3{U@hMW9Jjt827oT)9#9+VGZ7Lc3SI{|0mg2Q-=k=W8jKD3
ziqBI?lD=*Sa<lXPW_IaeEX(`GRo}a#9{RX!KvK9>VR)D>#~bG(5LvOXWHqDL8KMGE
zrGYIo3yn;8`9=xeSfMNNz3?ky`%Y-cBBVUfWxmWH)34g!B5149C4E7+yw+)c5eaUQ
z53USunL8~Lc%TA!3IiAn_vU@GJ$7I1A$qjz7iYlOj1Ws0KOHr!HQ$xJ(ZRBr(Gh$}
z`ZdQ3!tds>UzCb~DR|;9@Sc(NXr%GFj&tMQvZPm6-+dz(LMYO#fGY^hH4sl=)<Rbd
zRm@(jMlgt}i+;sPt4Kq{)PB7Q(ZX}cMPU{tRM~G7)X;m+zk|CcBfz=AdH<q(K;+>f
z(J7n9Myq<}gB&~(BD6Z2j%86Y&Y|jS={LLw^$ckEsjl8ST5-}y?vzJZkpn}#6~0||
zglk-GpH8Jpm~}y4A?vGpUPn92ScnJdEMkq;B(m@z7_>EY`_L~isE2{B_Ce@83!O~^
ze(72RiWu%Wb;?+1q=E}Y$d*39GY_k}Sc#EKYPrWcv9IptH}gg5)Z_#d3ddGIe_(_T
zM+ncwXL0e&6roW1dexn+eD)bO(0P~F303J?xU?3hT~_lXbJxk;p&j1O-!Io+Zt83q
z<1OeZav?0)wp2u7qH_~ceF{nlljHADOj|6+4BBrF_A2Hl*P~~C)6^=;-uVQCmj+!g
zVg(?L1?N`)cW${;ym*PA(>aUJMH_~nh2l(WZ_DJ2yH}Y9CI^W-&OhDGcihtxX0p}}
zQYy$UL<2VJXYe$sQ|_S}^nx}&`4bpQG}ql8Lji2@Wkbea0g1Yz)gCi*GAup!F?X3f
z3~|pwM}AT}tJ8<8cJP~vb0_M&g@rs;&g|<(8t#K#e3|kA3oeQ;GGWRxM?eRgXSt*}
zaY~V{P9%Pa%3a68KZ6%T#6)k15r<Jen^WraX(d|MtMn}bre>Mtc53#3vy;Q6S#^Dq
z4FeKJW#?v|V~9k&*c1q-QQeY6Lc^Kk-OV9RpjWXA-=vthN5RNRC<cxD8enpf-u~bZ
zC`)hdb;d4U5WYW=n2boZ@`n*wWCNi#J}=DGbva2hrf~!rfIcu*WYD&3C&*=HTvo0q
z$?)e>(d@6ZG+0#WvPmI7&*@V73S!>ZJu`_s_qMmA9w)v-H_=ra2BX-@a_yZ%xF1+p
zd0bj1#8Gd$h%&8%j+P;<=L%i77*j~bq)6XQFAiphvz9Q6Psl-@+$A$x#7-j{5KF4W
zg8|zSo~4hj41PDm`pZo*WhTIUk_1GF+SSDc(O)uNauh_n9xeW0A0Vbm+wD!70>XQm
zvO=AOy0h-lAPmqOwuf-Oc+4b5G%EW_A=fKndmd%Cr1BpTjFn&o)x2gZK5Gg3ej?@O
zuyNkNZd{$0HMLS&<YDu0%C1;)iA`G?5%I3KIzkP#ot_lM3`*ul{O*|VF4z40c+oZf
zc0t4Smdx<Crn^JCm1Y;Gu?01#@Vi-zVy_%_sVL{Frrq>0{l)h*E@%#U_o|<pEd*SD
zfwL_~*nYPz7)1sjixiihK2|lXdRqR-^@>3%%!sWQr>(wBEMo6kgd&t}CHPY9&;%^}
z=~DUESJxO1G;_0`f18vhYU)=i!IAQEtBn7|A?fW-F{~M7C`3`N?`1YMsdwq<A&Zi+
z9l}kXwTSaobu(CM%Mb<s?Mt<<?H7mh<GTHL)yE~Jdm1G{X=kEa;b#-^$zU+u$J`AW
z8M?~&fU|Bb{5j`|1?pt{ZgFSaLqchKx3nj~x;+H`Ch5iOV*{Y`9;PWmz-IR?9-O7P
z`5=T}<{0r*tXgeWqo%gLvE~vM9;0g!lRDaqkm~DvJ}i_eHt(hXhY$l2zDnw$*($Df
zO9(^^Sp@u5g+WmioO%Dd$`6l3tf@9=v&K`IVYPpTU3b$yi;Tn&WEy#8nql+ZVKV5&
zQ2FwmJ_B>BdK(-=Rn}-)Nxzm@S0ij7b|CU*XPCmgj%0~~WQnk@9WN;_8q)+p?r8vr
ze@&>uRg*L(>#L}j@2d5Oz6y_`55c0FyzF>MyKk}2kepiA&-Pllkz(9pWKsh#sFiuV
z1p1u@P*h}zlLay@$^^}6ohOC-@aUW-$*OAD1UUYmD^HQ7X;S=_2X46Mb+*vB4WK?L
zp+v!v%kG%=6I*O6&Mo)`3Z;TuJ4KPDMJ?QI;3CcfJ7bX-0`brk6MDN3oDHUq5^Pg=
zIdfzRYyxkQ*@Mj?d?`kCy*P4wRXmhk@JZ}w0-dOVC$tuI>=GaTJ<OC39Ilw=!85su
zk?|sC9}K8JDOkPyp*4Vo4+>H=A+Ry}4%^RWCL0NYF=m<(dEw0RybRm2%|7t#lKmXU
zv~J=G=u6TxGHS+FPPN#s?0EDv=Z2T#QqjvG?W%+I3^$9u*)PdyX4Mh|tZHS~02ek>
zA6vzzMgw$2DgS;PR$@XdjZMRJW|p0M%8CVP0~k4JIf3Pgu>8{=FhcR1rAHTPsWk@+
z;bFaYrmV~_LvbAfyn+U+Kua+sX%MaZ4;K<~gJi2{`b+<PPc;knFiX~xI<ECTR=R3;
zZg_M#rFUXR+vv1dT>WWQK~q7UBAWwT9K|}5Yy~=}r%-RSJeo3Y3lQjRKRsM^JgvOu
z{nQtx9sPbJ(jff<`e(S8H7OW^_%L!JNK^h}P*YIQ5=lZJ0gJFn<jyecz+1ziIsW_0
z>3VB*w-C1K1qpN59ftuDw@(oySBj5dlfJ&Gl-@xmY$dZV8D`Ms{dkqop|w2&_!Dde
zP6&t7faCU4el)dA-_m<}dCT%UHXaCD!?9B!$}=B<Jx|@ZNE$RYdQiKAZy0CptT3S&
zbUocR)^%4}7_;FcxuRj;1+OcE_nYwT=s}t0On$b(B9SS2q~50h(fFRSnZ*~Z{DPyf
z0dsoBGo(5eMPJZG4b+@dSdK^pP^C=wUxpg~Mx5mS!bS`+RC?u0q46e^=<7^%bp>nm
z-86o$=91+xv%ewy{pSD}rfmavgYf{eZ`aQ8o+3r}i`@d70qh7-7<G9Lrw5C9k?=1a
z8!-!r2p9@?;2|fl9o5Yj(N3+~k_v_%rBs<=L@dsr`65_pVYW_xv1lHyJQ40Tw{bBo
z!$BysMMcDBUZy%l$(v4kN_l&-jXCv0X^o05jb1c%0|yI_u5T{QlR}vN)YTt)oearg
zdnh%&lyNx62CNmH)pA+DZbvDoD1A;eE<)FIkA88a!Us!1@Wmf<$_#;Guqqil3d<lD
zHb4pO%*X|1KTu=^2HRrb$IYpq0fCXPVLkFBb|~kFe+||FOST;XzpqASs!`#PfWK-@
z(TmK{1tdcy^{yY;RS{TY3R4I8w#9&L%)#3_?x;qnca-uGd#L96GKKEkVc|~Z0)s&J
zW%wkBYUq_t9GS-Z9{NEvNngLAWAkLdapi=4Ax9QtL8Zt`PS4qbI5x+#P8yYDkExcC
zbdUW7rF{5pO<ugj)~5E5rjD6Un6(CWH!B<~?c-NR0hwbNubeJmMID<#{#Y$&y8k*F
zac)v#`&H2y4yN`2VKm~q-9$JP!XaVi<7Nfy^tQVQs@Ij&yj<dJ4v1d#;f=Xefd~U|
zDR#8<F9emn?sm6hc7{;1?`!+(pU`yfU}%a%$j7WE-B?{>FrXJGn0?a|yU8(6_X<Ad
z5g3wKX4Mo{+cWkdUAe$*4zV(m&M<12^wU)QaT8((BCW4ym2{>m-q|9>-sg_3w<f6o
zz8UR8_9u)0VDT<X3AuU&Axqa8Mt(v}oS%lh&eOoxV+1pRkXqG?A&K}!XA<MfX@}k<
zR34#*5CdTTFymqVNocvw87ZGT1u8C(44A|b#xO`JClBT}epj)zl##TF^M#>&c+<%C
zXQm-DQsfzEW%D~@-LL5c<IsfQV9L4NYH4HIogeM{Z(*Y8CXzrQ^=<^rhHWpk1)aB<
zK~7ukgW@#v*R_M%NHO3uH6!HxzHBCfhV}FJY_&H9QYBg2wZklt-s-p^!t(6=PX*_l
zd#bzvyI+jiA|~YzDyc$jXysU%OkB*<ORaeT(lr{Afc<xym<m-u8Q?EQ8>G?x*+Uax
zgazO&X?_m;zg+A!u;J@N=LA6CfE{4D1i)E@Qp^baU;KswU@}}bXWGBJ$q;}uqa-S)
zzkn@H+&_W^9xY4u&(5(3F<^5V!Oo!0-z{l{Kp}F_66XJ37YQnCd@>x{>VKj(Zhurb
zFdMn<$^L;DFFJ`d;|eAh!iP|->}8dh%-Q-@=wWo2hrD~NFXUZ~!cKGIi62IEj`NvY
zUmy>m#ZTo9cxzpJk!46#XqS`Cu}A!^!HnbjBhDaqzz=1=cx<YH!J&uSlo6R!s$%6I
z$<#@{FNSQVib$q~P84QwEPg|fr5#lqRkcOZsxz@V1(HnFK2bFdp(g!eFrQzf(AJ%-
z=YbN=`8xm>o(F(#`v}SN0I2hTsj!Wj+LiN%a+EXZ|Afq8I;dD`xz?U92*+vuc5mlS
zF0@jY5oKHy7)w6^RBO5=sZWhX!M6XK*W{NA?_iQ)4<#hJ4ZPfu!(_h>Jp~{mLZYNc
zV90Rbtk0NAD_%&$NasTCj(0-uAa=D065h%o7)}lp3Mc^19R|jb^{dLL`cAmwXhP-}
z`tCJ99m5*2=z@WPY6_HAkEY(QWdP%{7HfUETrZh9n*B!l4Gcexs8s57pmD8iE+O*Q
z<!{ov6GF2>yXh`Wsr{-i%i|Y^K6>cP99c>7Xvd6d@Q>L%2wT6=u7V!%E5}YV{%ops
z^mFuK9lE?O5gFetY3XX8e2evfUO!8jk%%R0wY6?un@XWPxk2GevWGzV_cBEub(*W*
zJQ9;58iv?{ZW&Guz_Fe0B{mI|r3nzk0sEW=PnEhI3(~fUrN3V*YiqqSZDVrs%v$F(
z-YS8cD$#B}`>e_8xGcd*)H|&a`sAy^dbcJlp+~}hC>P?VS(ZgyBlaRBELtAwVJ{Ha
z=gATg9?nD=un1W}Nv!BoEoEMGNiix{esI~O;w+l?F8an>0lB&(*ifZZOyh0O7h!O6
z!SQf6K+NK)pr#FZ%@Kf7t{xxHW=9>DC0e4_Ryfe^B?B|#dPs{(>>XEkJVoPdH(#0v
zNnO$h0ZXA^wZg=P4kVLs2>01!X?^X9Ah+Xr`ESRe_0P5YwMQmHrX)Kz1y-u3vx9Uc
z^Ft%$1!U5s-fs{~TWSm5&3CLkEh{`OmrI9a=`gNk=`%_wr0@7ODmZ0-)Ajo7E-Qoo
zczjro|8-o**&gv`=Pagn1?6aa#AZ>zwBb1YXnQJ)zl`z2gO!z@V+Gg@oJx~W*xs&}
z0O3v*$mXZoSwq=b6$-Y*c|SnW=l7urceJATyIM;76RGA&T)@=f^0%H}%r18wrU4IE
z$*cIfSk1rN*99BcTaU9ELTx*IZ%o~@uM(N7$`Uc#kxf3sTbYdftan_{UmPBvmdu_h
z?X#mrn3C$a7r7k}W%2sH`kG#(V;rq2HJT-Zf?z|pPT9-D$(elZJ<9UpioY1AN$8>3
zn>A8yg?Lv1v*svb{K2((JG$Q>ZI6ow&LZWbuL~F*ZpBV5kRnh1&Gzl@U4AU%OBeym
z49&c2p4zueO?4l?_swwtT(`Q{msmt^PRC1VzoUDI!*P3W6cU4U_462N|Jw}5+2FcN
z&-D}1)uA21cDC2q>k_H#B^`+6JEB8USz^{jxBz5jsoRHg1%y>@3AU^-Y&>aQtS7R7
z(F;~zDyO*@oI5|Ue>?7f<1~F_;jRr+2#Cp`hO8l@lMxM4NdVjHg-;FJ478jF)yv@a
z((tZjbWx*Famj<>ykVMDosV13D~AULdP0Yv_pj_)UVtahjuvV-Oowo9)(c|OS4gP7
zo9B3~_T4r6A`BH4t(<12>U+!zK}t(<Y6hB(otjG6ZN7R@JHWRi9UPckE5L3ql~=`2
z(q$6tUL>wuCDa7jCMd~}5j97HF5O>wJ)m<KHLOT9{Cug)B{+VLJaUIvDNz2p>9WsL
zbK|RKq#c0^xAdwyJi<+VWnS^wZz^2P(XTt5y<ne?a8mHXF4Fd;c52Imi~qZOkNjs^
zR0{;<!SD^6D2#(Y=(6Y&>Eu)7c~`&uToC~KIg&a*)Wgs;91D8|pElG9kUDRQ#H7-s
zfT=QUYh|yOcb(rGFKS%9*+lVWmlsf*wr!?K7zQ1=N4H%zhiO05S(bqjq?RKb*$u78
zF-cSyF)>RM?Of7vl#>*BB>a?hu0?E7$CzP)67le}itY{gi~{R<2FDodou)IlXd~;+
zov9%bH7@rR^&C$~)1|Iz>py*45NY`I&Ep|X5#*#O$o`_`PobytYj=uj`VRal2*}$Z
zo!4ElKhmbhEgU^ly*Aljc?{;=-c%_~ozEzntX4F9{E(@+T9h8p@&255-%!us<8`*H
zlnn1|m`n4jl@0$Xe*ElMxznMupKg8Da^Bq`+Y#S=i|AvWV)SxhKZE&`TQS;=dBrWV
zNd!aBSaVE6R}rU4_D`wo#}2J7zYF1C*`I68atMFQZ(TczlZPJuuJCfRzlxdq-9)1P
zaqn`%C;zn4>lDr7Bp0Jr`k1hRr|~A4vsHy>+|pitCa&1S$drj$p1gsoIR&BTS~j-`
zISO<@P_nIc%g;<Af~#?ycwjPeEqcqUL!}SKju_jnY&bAInb;pwggbO2aG^jmsiZ1t
z!6sO)9y5n=ODxyJx>=HU<z|f1HPjtXt!MeNWif`>?IhzL5rY>1rxo5g6Dwj{M92GN
zoVQIb(UI*EB?3L2YI(MmR40(!<TO;vVJn5PGx`aiKVyXGuLq<JSd)1*x$K+DG|{8`
z6-JDVm(?_z@4Q~F$O5aCfPu268N28CELyVKW&-&=XX7aN5_(fS6BpRwp8~8Z&U5Iz
zvJOC=858MnUh<&ZU#`+mbo$xkCxVZ^S@>*W(Vz(n>YnYGJ&dlJzP#CSOVYbn94c0e
z>X*8Gq9QqS9ygCudDioR(?*wXa$SH;`1LG)!a@UZxw*S~er?2i{<3rd-^KiuQ*8<|
zKg&J)TNd8{8@~8)l5^|X!<*nis%y?KpS6=w$Ug9q&a<&MXOYd-L|!N9Zc$M<(PVyW
z3O88EVLOXecAqiXUHYrZ9`hBuW7JI1y<fviU%>*p0C6n;gdRYcg=|8s1E0UgC$%<H
zfAuK~Dv5YO=}b0vR^%Y_{l|CQe>J9uRChaLswc{x_1D3?p$6>nxTA5|Uq_Jxct2qn
zDPr~SI}K;DfD@Us)35S(f!E|&78|$iuj{&<2-rK};po!8{^#HuK$eQ$^Y2>@gLHs5
z>YYNQEdOT-H!dEK{o_wOmm2pT@PTibc#G5jcs1lyfNWGQIQs8d4xpbiP1}D}SQ?Oh
zB{um_hYJHL-ubqiX7$%~jRIsj0`qzQo_Rl4-n@x@_HWZ(0kWoWQg;7s=>Pj34R}Jt
YqV_^H{WKK&{CbwGl!9cXxIy6m0`%q(XaE2J

literal 0
HcmV?d00001