Forwarded from CloudSec Wine (Artem)
🔷 Azure Future SIEM
Great visualization of the future Microsoft SIEM using Microsoft's cloud-based Azure infrastructure!
#azure
Forwarded from CloudSec Wine (Artem)
🔶🔷🔴 Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations
Post describing a hypothetical scenario of a cloud platform compromise with multiple components that would require investigation. Each component is an example of a real intrusion tactic that Mandiant has investigated across various cloud platforms, sometimes with logs available and sometimes without logs available.
https://www.mandiant.com/resources/blog/cloud-bad-log-configurations
#aws #azure #gcp
Forwarded from CloudSec Wine (Artem)
🔶🔷 Manage multiple Terraform projects in monorepo
A look at one possible way to organize and manage a monorepo setup, which will contain multiple projects and Terraform modules, with deployments spanning across multiple targets such as AWS accounts or Azure subscriptions.
https://janik6n.net/posts/manage-multiple-terraform-projects-in-monorepo
#aws #azure
Forwarded from CloudSec Wine (Artem)
🔷 Understanding Azure logging capabilities in depth
Azure includes lots of great technologies that can be used for logging purposes. Currently, Microsoft is transitioning from the v1 method (MMA) to the v2 method using DCRs.
#azure
Forwarded from CloudSec Wine (Artem)
🔷 Bridging the Security Gap: Mitigating Lateral Movement Risks from On-Premises to Cloud Environments
This blog post discusses lateral movement risks from on-prem to the cloud, explaining attacker TTPs, and outlining best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.
https://www.wiz.io/blog/lateral-movement-risks-in-the-cloud-and-how-to-prevent-them-part-4-from-compromis
#azure
Forwarded from CloudSec Wine (Artem)
🔷 Tampering with Conditional Access Policies Using Azure AD Graph API
Modifications made using AADGraph are not properly logged, endangering integrity and non-repudiation of Azure AD policies.
https://www.secureworks.com/research/tampering-with-conditional-access-policies-using-azure-ad-graph-api
#azure
Forwarded from CloudSec Wine (Артем Марков)
🔷 OneDrive to Enum Them All
TrustedSec researchers have discovered a OneDrive enumeration vulnerability that could allow an attacker to discover the email addresses of OneDrive users. You can also refer to the companion tool.
https://www.trustedsec.com/blog/onedrive-to-enum-them-all
#azure
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/
#ad #azure #redtram #pentest
dirkjanm.io
Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
Many modern enterprises operate in a hybrid environment, where Active Directory is used together with Azure Active Directory. In most cases, identities will be synchronized from the on-premises Active Directory to Azure AD, and the on-premises AD remains…
Forwarded from Волосатый бублик
#ad #privecs #azure #kerberos
Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust
Forwarded from CloudSec Wine (Artem)
🔷 nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover
An implementation flaw discovered in Microsoft Azure AD OAuth applications that, when exploited, could lead to full account takeover.
https://www.descope.com/blog/post/noauth
(use VPN to open from Russia)
#azure
Forwarded from CloudSec Wine (Artem)
🔶🔷🔴 8 Terraform continuous validation use cases for AWS, Google Cloud, and Azure
How to use Terraform "check" blocks and continuous validation with AWS, Google Cloud, and Azure services.
https://www.hashicorp.com/blog/8-terraform-continuous-validation-use-cases-for-aws-google-cloud-and-azure
#aws #azure #gcp
Forwarded from CloudSec Wine (Артем Марков)
🔷 Public preview: Sensitive Data Protection for Application Gateway Web Application Firewall logs
Protect the sensitive data getting stored in your Web Application Firewall (WAF) logs using log scrubbing on Azure's regional Web Application Firewall running on Application Gateway.
https://azure.microsoft.com/en-us/updates/public-preview-sensitive-data-protection-for-application-gateway-web-application-firewall-logs
#azure
Forwarded from CloudSec Wine (Artem)
🔷 Microsoft Entra Workload ID - Introduction and Delegated Permissions
Post providing an overview of some aspects and features that are important when delegating management of Workload ID in Microsoft Entra: Who can see and create apps? Why should you avoid assigning owners to service principals or application objects?
https://www.cloud-architekt.net/entra-workload-id-introduction-and-delegation
#azure
Forwarded from CloudSec Wine (Артем Марков)
🔷 Knocking on the Front Door (client side desync attack on Azure CDN)
A write-up on a Browser-Powered Desync bug discovered in the Azure CDN service known as Front Door.
https://blog.jeti.pw/posts/knocking-on-the-front-door
#azure
Forwarded from CloudSec Wine (Artem)
🔷 How to Detect When an Azure Guest User Account Is Being Exploited
In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. However, this could prove to be a costly mistake.
https://orca.security/resources/blog/detect-guest-user-account-exploited
#azure
Forwarded from CloudSec Wine (Artem)
🔷 5 Tips to prevent or limit the impact of an incident in Azure
Five low-cost, easy-to-implement, high-impact measures to prevent or limit the impact of an incident in Azure: set up budget quotas, restrict app registration, prevent subscriptions from entering your tenant, ingest audit logging, and limit external collaboration.
https://invictus-ir.medium.com/5-tips-to-prevent-or-limit-the-impact-of-an-incident-in-azure-e9f664fe0100
(Use VPN to open from Russia)
#azure
Forwarded from CloudSec Wine (Артем Марков)
🔷 (Ab)using the Microsoft Identity Platform: Exploring Azure AD Token Caching
Presentation examining how JSON Web Token (JWT) caching works in corporate settings with Azure Active Directory (Azure AD) integration, including Azure AD Joined and Hybrid environments.
https://github.com/FuzzySecurity/SANS-HackFest-2023/blob/main/SANS_HackFest23-Abusing_The-Microsoft-Identity-Platform.pdf
#azure
Forwarded from CloudSec Wine (Артем Марков)
🔷 Automating Managed Identity Token Extraction in Azure Container Registries
The «Tasks» functionality can be abused by attackers to generate tokens for any Managed Identities that are attached to the ACR.
https://www.netspi.com/blog/technical/cloud-penetration-testing/automating-managed-identity-token-extraction-in-azure-container-registries/
#azure
Forwarded from CloudSec Wine (Артем Марков)
With Global Secure Access enabled access to the Microsoft 365 services such as SharePoint/OneDrive will be recorded in the EnrichedOffice365AuditLogs.
https://www.invictus-ir.com/news/the-mystery-of-the-enrichedoffice365auditlogs-solved
#azure