Monday, December 5, 2022

Azure Security. Posts on Azure Security by Teri… | by Teri Radichel | Cloud Security | Dec, 2022


Posts on Azure Security by Teri Radichel

This is a compilation of my posts on Azure Security. Though I teach Azure Security classes, I prefer to use AWS most of the time when I’m doing security assessments and penetration testing. I have a lot more posts on AWS Security for that reason. But right now I’m teaching an Azure class so expect a few more Azure posts for a minute. Also, many of the concepts I write about on AWS Security can be translated to Azure Security. Maybe someday I’ll get around to writing about that translation.

Hackers as Cloud Customers

This post explains how attackers used AWS and Azure in the Solar Winds breach.

Solar Winds Breach Retrospective: Part 3

This post explains how Azure features such as MFA and Conditional Access might have prevented the Solar Winds Breach that basically took over Azure accounts. It also explains how understanding who can grant application permissions in an Azure account is essential.

Azure for Auditors

This is a presentation given about Azure to Auditors to explain what to look for on an Azure Audit or security assessment. New tools exist now in Azure that didn’t exist at the time of this presentation.

Azure Security Assessments

Tanya Janca (SheHacksPurple) and I gave this presentation at Microsoft Build, OWASP AppSec day in Melbourne, Australia, on her podcast, and the presentation went to DefCon but I opted out of that one.

Cloud Security Presentations

Many of my general cloud security presentations are applicable to Azure.

When the Cloud Runs Out of VMs

Related to the issues with Azure support, at one point I couldn’t create a VM. Any VM. I contacted Azure support but I already told you how that went. Hopefully this is resolved now as people all over the world seemed to be having this problem at the time. This is a security problem because if you have an application with a vulnerability and need to deploy a VM and can’t — you have a denial of service issue. I did find a workaround described in this post.

Prevent Azure Users from Creating New Tenants

In this post I reviewed a new Azure feature that’s supposed to disallow users from creating new tenants. I found some interesting behavior when testing it.

Azure Support Diary (or Diatribe)

This is probably too boring to read in full but I documented my experience with Azure support for about an 8 week period. It was frustrating, but I hope by documenting it some of this got fixed. The biggest problems are:

#1. Azure Support sends things in email outside the support portal so they can’t be properly tracked.

#2. Azure support wasn’t screenshots I uploaded.

#3. Constantly replies on tickets after I request to close them and couldn’t close them myself.

#4. Went around in circles for something that didn’t work for weeks before they finally admitted it was a bug. I also found and reported other bugs.

There’s more but these were the most egregious problems. I really hope this helped and some of these problems got fixed because I’ve had these problems since Day 1 using Azure and it’s why I generally don’t pay for support. I end up resolving most of my problems on my own. If you can’t get the support you need when you need it, this could be a security problem. I presume larger companies that spend a lot more than I do get better support. 🙂

Many of the posts I’ve written for other cloud environments in terms of attack vectors, architectures, and security controls are applicable in Azure. You’d just implement them with Azure-specific constructs.

Follow for updates.

Teri Radichel

If you liked this story please clap and follow:

******************************************************************

Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research

******************************************************************

© 2nd Sight Lab 2022

____________________________________________

Author:

Cybersecurity for Executives in the Age of Cloud on Amazon

Need Cloud Security Training? 2nd Sight Lab Cloud Security Training

Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.

Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.

Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts


