AzureStrike: An HTA Application which builds Azure (Entra) Scenarios for Red Team Simulations
submitted by /u/digicat [link] [comments]
Articles tagged with: #azure
Clear filter
Azure's Default API Connection Vulnerability Enables Full Cross-Tenant Compromise
A critical vulnerability in Microsoft Azure's API Connection infrastructure enabled attackers to compromise resources across different Azure tenants worldwide. The flaw, which earned Gulbrandsrud a $40,000 bounty and a Black Hat presentation slot, exploited Azure's shared API Management (APIM) instance architecture to gain unauthorized access to Key Vaults, Azure SQL databases, and third-party services like
[HELP] Azure Activity Logs Not Reaching Splunk via Event Hub - 0 Messages
submitted by /u/Responsible-Bus2149 [link] [comments]
[HELP] Defender for Endpoint Auto-Isolating Azure Lab VMs - Can't Regain Access
submitted by /u/Responsible-Bus2149 [link] [comments]
Azure's Weakest Link - Full Cross-Tenant Compromise
submitted by /u/BinarySecurity [link] [comments]
Azure's Weakest Link - Full Cross-Tenant Compromise
submitted by /u/BinarySecurity [link] [comments]
AWS vs Azure Security Monitoring
submitted by /u/m_jax [link] [comments]
Azure/Entra AD persistence mechanisms
Hello All, Besides the standard "threat actor made new AD accounts" what are some persistence mechanisms a threat actor may setup in Azure and Entra AD? Let's assume passwords are reset for all admin and regular accounts and servers are wiped. What are some ways threat actors may change azure to allow themselves back in? Azure has so many different services that I feel like they can create back doors even if they lose account access or initial access. submitted by /u/dudethadude [link]...
AMA with the Orca Security Researchers Behind a New Cloud Security Report Analyzing Billions of Cloud Assets Across AWS, Azure, GCP, Oracle, and Alibaba Cloud!
We're from Orca Security, we're excited to host an AMA tomorrow at 9AM to 12PM ET , featuring our Head of Research, Bar Kaduri, and Cloud Security Researcher, Shir Sadon, who published a new report analyzing billions of real-world cloud assets across the major cloud providers, including: AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud . This AMA is your chance to engage directly with the experts behind the data. We are here to answer questions around: the research process surprising...
IAM
How do you guys feel about IAM specific certifications? I have seen CIAM mentioned a good amount of times, but I have never seen CIDPro. It is weird because people say CIAM is useless while CIDPro is the gold standard in the IAM space. I am specifically asking about vendor-agnostic stuff, because I know Azure has an IAM cert for its platform. submitted by /u/Techatronix [link] [comments]