small fixes

Author: carlospolop

src/pentesting-cloud/azure-security/README.md

@@ -22,7 +22,7 @@ The first step is of course to enumerate information about the tenant you are at
 
 Based on the domain name it's possible to know **if the company if using Azure**, get the **tenant ID**, get other **valid domains** in the same tenant (if more) and get **relevant information** like if SSO is enabled, mail configurations, valid user emails...
 
-Check the folloeing page to learn how to perform the **external enumeration**:
+Check the following page to learn how to perform the **external enumeration**:
 
 {{#ref}}
 az-unauthenticated-enum-and-initial-entry/
@@ -72,7 +72,7 @@ The following tools will be super useful to enumerate both Entra ID tenants and
 az-enumeration-tools.md
 {{#endref}}
 
-### Bypass Login Conditions
+### Bypass Access Policies
 
 <figure><img src="../../images/image (268).png" alt=""><figcaption></figcaption></figure>
 
@@ -85,7 +85,11 @@ In cases where you have some valid credentials but you cannot login, these are s
 
 After bypassing it, you might be able to get back to your initial setup and you will still have access.
 
+Check:
 
+{{#ref}}
+az-privilege-escalation/az-entraid-privesc/az-conditional-access-policies-mfa-bypass.md
+{{#endref}}
 
 ### Whoami
 
@@ -145,7 +149,7 @@ Get-AzureADTenantDetail
 {{#endtabs }}
 
 
-### Entra ID Enumeration & Privilege Escalation
+### Entra ID Enumeration & Privesc
 
 By default, any user should have **enough permissions to enumerate** things such as users, groups, roles, service principals... (check [default AzureAD permissions](az-basic-information/index.html#default-user-permissions)).\
 You can find here a guide:
@@ -161,7 +165,7 @@ az-enumeration-tools.md#automated-post-exploitation-tools
 {{#endref}}
 
 
-### Enumerate Azure Services
+### Azure Enumeration
 
 Once you know who you are, you can start enumerating the **Azure services you have access to**.
 
@@ -196,7 +200,7 @@ In the following section you can find **information about the most common Azure
 az-services/
 {{#endref}}
 
-### Privilege Escalation, Post-Exploitation & Persistence in Azure Services
+### Privilege Escalation, Post-Exploitation & Persistence
 
 Once you know how is the Azure environment structured and what services are being used, you can start looking for ways to **escalate privileges, move laterally, perform other post-exploitation attacks and maintain persistence**.
 

src/pentesting-cloud/azure-security/az-persistence/README.md

@@ -2,9 +2,9 @@
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-### Illicit Consent Grant
+### OAuth Application
 
-By default, any user can register an application in Azure AD. So you can register an application (only for the target tenant) that needs high impact permissions with admin consent (an approve it if you are the admin) - like sending mail on a user's behalf, role management etc.T his will allow us to **execute phishing attacks** that would be very **fruitful** in case of success.
+By default, any user can register an application in Entra ID. So you can register an application (only for the target tenant) that needs high impact permissions with admin consent (an approve it if you are the admin) - like sending mail on a user's behalf, role management etc.T his will allow us to **execute phishing attacks** that would be very **fruitful** in case of success.
 
 Moreover, you could also accept that application with your user as a way to maintain access over it.
 

src/pentesting-cloud/azure-security/az-services/az-azuread.md

@@ -1001,15 +1001,15 @@ When PIM is enabled it's possible to configure each role with certain requiremen
 - Max time to expire the elegible assignments
 - A lot more configuration on when and who to send notifications when certain actions happen with that role
 
-### Conditional Access Policies <a href="#title-text" id="title-text"></a>
+### Conditional Access Policies
 
 Check:
 
 {{#ref}}
 ../az-privilege-escalation/az-entraid-privesc/az-conditional-access-policies-mfa-bypass.md
 {{#endref}}
 
-### Entra Identity Protection <a href="#title-text" id="title-text"></a>
+### Entra Identity Protection
 
 Entra Identity Protection is a security service that allows to **detect when a user or a sign-in is too risky** to be accepted, allowing to **block** the user or the sig-in attempt.