TL;DRToken Security researchers have discovered several Azure built-in roles that are misconfigured to be over-privileged - they grant more permissions than intended by Azure.In addition, we discovered another vulnerability in the Azure API that allows attackers to leak VPN keys.Combined, these two issues create a new attack chain that lets a weak user gain access to both internal cloud assets and on-premises networks.In this report, we detail the research process that led to the discoveries, th...