Introduction The cloud security landscape for AWS has continued to evolve each year to become a complex set of products and best practices with the goal of maintaining a mature security posture. AWS Organizations was released in 2017[1] and has been a major solution to aid in managing the multi-account AWS environment that the cloud…
Read
THIS POST WAS WRITTEN BY @NYXGEEK Intro Password recovery tool hashcat ships with a bunch of great rules, but have you actually looked at them? Being familiar with the built-in rules can help enhance your cracking capabilities and enable you to choose the right rule or rule combination. via GIPHY So where are these rules anyways?…
Read
If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any…
Read
Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses….
Read
As its name suggests, a multi-cloud environment is a network that utilizes the services of more than one cloud provider. There are many different ways that multi-cloud infrastructures can be designed and a primary topic of discussion is how to properly secure these environments. No single cloud service provider has the best environment for every…
Read