Using Azurehound to Identify Azure Attack Paths by Kevin Mwanjumwa

property
value
tags
azure-cloud,cloud-attacks,cloud-tactics
url
original_word_count
6107

Article Excerpt

a pretext is a purpose or a motivealleged or an appearance assumed inorder to cloak the real intention orState of Affairs Omaha is trying to get into your networklisten this is your manager and I'mtrying to send off an email I got thisdocument I need you to confirm a fewdetails so go ahead and log i

Long Summary

This article discussed an upcoming session hosted by a community group on the 18th of the month. The speaker for the session is Cow, the VP of the research team at Netpi. Cow and the group have previously discussed the book Azure Pen Testing for Ethical Accounts together. The topic of the upcoming session is a recent vulnerability that the Netpi team disclosed to Microsoft for the Azure Function Apps. Cow will be speaking on how they found the vulnerability, the disclosure process, and how to protect against it.

Cow will explain how the vulnerability was discovered and how it was reported to Microsoft. He will also discuss the steps that can be taken to protect against the vulnerability. These steps include using Azure ID Signing Logs, Azure Multi-Factor Authentication, and Privileged Identity Management. Cow will also discuss the use of CLI and Powershell scripts to extract data from prevention. He will mention that a user account with reader permissions should be sufficient to run the authentication flow and get a refresh token, which is then fed to Azure Hound.

At the end of the session, Kevin and Ibrahima thanked everyone for attending and encouraged them to join the community Meetup group to be notified of future events. They wished everyone a lovely rest of the day and said goodbye.

In conclusion, the upcoming session hosted by a community group will discuss a recent vulnerability that the Netpi team disclosed to Microsoft for the Azure Function Apps. Cow will explain how the vulnerability was discovered and how it was reported to Microsoft. He will also discuss the steps that can be taken to protect against the vulnerability, such as using Azure ID Signing Logs, Azure Multi-Factor Authentication, and Privileged Identity Management. At the end of the session, Kevin and Ibrahima thanked everyone for attending and encouraged them to join the community Meetup group to be notified of future events. They wished everyone a lovely rest of the day and said goodbye.

Short Summary

šŸ““ Using Azurehound to Identify Azure Attack Paths by Kevin Mwanjumwa

šŸ‘‰šŸ½ a pretext is a purpose or a motivealleged or an appearance assumed inorder to cloak the real intention orState of Affairs Omaha is trying to get into your networklisten this is your manager and I'mtrying to send off an email I got thisdocument I need you to confirm a fewdetails so go ahead and log i šŸ‘‰šŸ½ Community group hosts session on recent vulnerability in Azure Function Apps. šŸ‘‰šŸ½ Speaker for session is Cow, VP of research team at Netpi. šŸ‘‰šŸ½ Cow previously discussed book on ethical account testing with group. šŸ‘‰šŸ½ Cow will share how vulnerability was discovered and disclosed to Microsoft. šŸ‘‰šŸ½ Cow will explore steps to protect against vulnerability, including Azure ID Logging. šŸ‘‰šŸ½ Other protective measures include Multi-Factor Authentication and Privileged Identity Management. šŸ‘‰šŸ½ Cow will discuss use of CLI and Powershell scripts for data extraction. šŸ‘‰šŸ½ Session attendees thanked for coming and encouraged to join Meetup group for future events. šŸ‘‰šŸ½ Kevin and Ibrahima led closing remarks, wishing attendees a lovely day. šŸ‘‰šŸ½ Overall goal of session is to educate on vulnerability and promote cybersecurity practices.

#AzureSecurity #VulnerabilityDisclosure #NetpiResearch #ProtectYourself #CommunityMeetup