Top 5 things that will land an attacker in Azure Cloud - TrustedSec Blog

Top 5 Things That Will Land an Attacker in the Azure Cloud

February 21, 2023
By in Application Security Assessment, Cloud Assessment, Cloud Penetration Testing, Office 365 Security Assessment, Password Audits

1. Misconfigured Cloud Infrastructure What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched appliances, and storage accounts allowing anonymous public access are just a few examples of common infrastructure misconfigurations in cloud environments. How can these services translate into an attacker gaining access to my cloud? Storage accounts can hold…

Read
Azure AD Kerberos on the TrustedSec Security Blog

Azure AD Kerberos Tickets: Pivoting to the Cloud

February 9, 2023
By in Active Directory Security Review, Cloud Assessment, Cloud Baseline Configuration Review, Cloud Penetration Testing, Penetration Testing, Security Testing & Analysis

If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any…

Read
A Primer on Cloud Logging TrustedSec Security Blog

A Primer on Cloud Logging for Incident Response

October 25, 2022
By in Cloud Assessment, Cloud Penetration Testing, Incident Response, Incident Response & Forensics, Penetration Testing, Security Testing & Analysis, Table-Top Exercises

Overview This blog post will provide an overview of common log sources in Azure and AWS, along with associated storage and analysis options. At a high level, cloud-based incidents can be categorized into host-based compromises (that is, compromises primarily involving virtual machines hosted in the cloud) and identity-based or resource-based compromises (compromises primarily involving cloud-native…

Read

Common Conditional Access Misconfigurations and Bypasses in Azure

October 4, 2022
By in Cloud Assessment, Cloud Baseline Configuration Review, Cloud Penetration Testing, Penetration Testing, Security Testing & Analysis

Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses….

Read

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form