Top 5 things that will land an attacker in Azure Cloud - TrustedSec Blog

Top 5 Things That Will Land an Attacker in the Azure Cloud

February 21, 2023
By in Application Security Assessment, Cloud Assessment, Cloud Penetration Testing, Office 365 Security Assessment, Password Audits

1. Misconfigured Cloud Infrastructure What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched appliances, and storage accounts allowing anonymous public access are just a few examples of common infrastructure misconfigurations in cloud environments. How can these services translate into an attacker gaining access to my cloud? Storage accounts can hold…

Read
Azure AD Kerberos on the TrustedSec Security Blog

Azure AD Kerberos Tickets: Pivoting to the Cloud

February 9, 2023
By in Active Directory Security Review, Cloud Assessment, Cloud Baseline Configuration Review, Cloud Penetration Testing, Penetration Testing, Security Testing & Analysis

If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any…

Read

Auditing Exchange Online From an Incident Responder’s View

November 8, 2022
By in Application Security Assessment, Cloud Assessment, Incident Response, Office 365 Security Assessment, Organizational Training, Password Audits

Business Email Compromise (BEC) within the Microsoft 365 environment is becoming a more common attack vector. In case you’re unfamiliar with what exactly BEC entails, it’s when an attacker or unauthorized user gains access to a business email account via social engineering. Most commonly, an attacker compromises an account, intercepts email conversation(s), and uses this…

Read
A Primer on Cloud Logging TrustedSec Security Blog

A Primer on Cloud Logging for Incident Response

October 25, 2022
By in Cloud Assessment, Cloud Penetration Testing, Incident Response, Incident Response & Forensics, Penetration Testing, Security Testing & Analysis, Table-Top Exercises

Overview This blog post will provide an overview of common log sources in Azure and AWS, along with associated storage and analysis options. At a high level, cloud-based incidents can be categorized into host-based compromises (that is, compromises primarily involving virtual machines hosted in the cloud) and identity-based or resource-based compromises (compromises primarily involving cloud-native…

Read

Common Conditional Access Misconfigurations and Bypasses in Azure

October 4, 2022
By in Cloud Assessment, Cloud Baseline Configuration Review, Cloud Penetration Testing, Penetration Testing, Security Testing & Analysis

Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses….

Read

Defending the Gates of Microsoft Azure With MFA

April 26, 2022
By in Cloud Assessment, Penetration Testing, Security Testing & Analysis

Since Russia’s invasion of Ukraine, companies based in the United States have been on alert for potential cyberattacks on IT infrastructure. Multi-Factor Authentication (MFA) has been one of the most recommended settings for organizations to turn on. Recently, the White House issued a FACT SHEET on how organizations can protect themselves against potential cyberattacks from…

Read
hacker blog graphic

Next Gen Phishing – Leveraging Azure Information Protection

April 25, 2019
By in Cloud Assessment, Security Testing & Analysis, Social Engineering

In this blog post, I will go over how to use Azure Information Protection (AIP) to improve phishing campaigns from the perspective of an attacker. The idea came during an engagement where I was having trouble getting phishing emails into users’ inboxes without being caught by a sandbox on the way. During this engagement, it…

Read
Five Thoughts on Securing Multi-Cloud Environments graphic

Five Thoughts on Securing Multi-Cloud Environments

March 19, 2019
By in Cloud Assessment, Cloud Baseline Configuration Review, Remediation Assistance & Training, Security Program Management, Security Testing & Analysis

As its name suggests, a multi-cloud environment is a network that utilizes the services of more than one cloud provider. There are many different ways that multi-cloud infrastructures can be designed and a primary topic of discussion is how to properly secure these environments.  No single cloud service provider has the best environment for every…

Read
graphic of file folders emerging from computer screen

How to Set Up a Quick, Simple WebDAV Server for Remote File Sharing

June 8, 2018
By in Application Security Assessment, Cloud Assessment, Penetration Testing, Security Testing & Analysis

Dropping payloads to disk is often risky, not only from an Operations Security (OPSEC) standpoint, but it’s also more likely to trigger AV. To avoid exposing ourselves to these risks, it’s often more desirable to reference a file from a remote location. One method of doing this is to make use of WebDAV, a service…

Read

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form