Update az-storage.md

carlospolop · web-flow · commit ce30a61d987b · 2026-01-13T15:55:00.000+01:00
diff --git a/src/pentesting-cloud/azure-security/az-services/az-storage.md b/src/pentesting-cloud/azure-security/az-services/az-storage.md
@@ -82,13 +82,6 @@ az storage blob list --container-name '$web' --account-name <acc-name> --auth-mo
 az storage blob download -c '$web' --name iac/terraform.tfvars --file /dev/stdout --account-name <acc-name> --auth-mode login
 ```
 
-- Inspect downloaded files for leaked **SAS tokens** or credentials. SAS params show scope and risk: `sv` (API version), `ss` (services like blob `b`), `srt` (resource types `s`/`c`/`o`), `sp` (permissions such as `r`/`l`/`a`/`c`/`w`/`d`/`x`), `se` (expiry), and `sig` (signature). A wide `sp` set plus far-future `se` indicates a long-lived bearer credential that enables read/list/write/delete until revoked.
-- Abuse a recovered SAS immediately, for example:
-
-```bash
-az storage blob list --account-name <acc-name> --container-name <target-container> --sas-token "<sv=...&ss=...&srt=...&sp=...&se=...&sig=...>"
-```
-
 ### Connect to Storage
 
 If you find any **storage** you can connect to you could use the tool [**Microsoft Azure Storage Explorer**](https://azure.microsoft.com/es-es/products/storage/storage-explorer/) to do so.
