close menu
Shop Our Merch Report A Breach 1-877-550-4728
Latest
Situational Awareness BOFs for Script Kiddies
March 21, 2023
By Adam Todd in Research
Featured
Looting iOS App’s Cache.db
December 1, 2022
By Drew Kirkpatrick in Application Security Assessment, Mobile Security Assessment, Penetration Testing, Program Assessment & Compliance, Program Development, Research, Security Testing & Analysis
Most Read
The Art of Bypassing Kerberoast Detections with Orpheus
November 17, 2022
By Ben Mauch in Penetration Testing, Purple Team Adversarial Detection & Countermeasures, Red Team Adversarial Attack Simulation, Research, Security Testing & Analysis
Top 5 things that will land an attacker in Azure Cloud - TrustedSec Blog

Top 5 Things That Will Land an Attacker in the Azure Cloud

February 21, 2023
By Edwin David in Application Security Assessment, Cloud Assessment, Cloud Penetration Testing, Office 365 Security Assessment, Password Audits
1. Misconfigured Cloud Infrastructure What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched appliances, and storage accounts allowing anonymous public access are just a few examples of common infrastructure misconfigurations in cloud environments. How can these services translate into an attacker gaining access to my cloud? Storage accounts can hold...
Azure AD Kerberos on the TrustedSec Security Blog

Azure AD Kerberos Tickets: Pivoting to the Cloud

February 9, 2023
By Edwin David in Active Directory Security Review, Cloud Assessment, Cloud Baseline Configuration Review, Cloud Penetration Testing, Penetration Testing, Security Testing & Analysis
If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any...

Common Conditional Access Misconfigurations and Bypasses in Azure

October 4, 2022
By Edwin David in Cloud Assessment, Cloud Baseline Configuration Review, Cloud Penetration Testing, Penetration Testing, Security Testing & Analysis
Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses....

Defending the Gates of Microsoft Azure With MFA

April 26, 2022
By Edwin David in Cloud Assessment, Penetration Testing, Security Testing & Analysis
Since Russia’s invasion of Ukraine, companies based in the United States have been on alert for potential cyberattacks on IT infrastructure. Multi-Factor Authentication (MFA) has been one of the most recommended settings for organizations to turn on. Recently, the White House issued a FACT SHEET on how organizations can protect themselves against potential cyberattacks from...

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form
3485 Southwestern Boulevard
Fairlawn, OH 44333
1-877-550-4728
  • Follow TrustedSec on Twitter
  • Connect with TrustedSec on LinkedIn
  • Get TrustedSec's RSS feed

Get TrustedSec in your inbox

Sign up to receive the latest in cybersecurity news and resources

    By submitting this form, I agree to receive marketing communications from TrustedSec, which I can unsubscribe from at any time.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    © Copyright 2023 by TrustedSec. All rights reserved.