Discover and read the best of Twitter Threads about #AutoWarp
Most recents (1)
I found a vulnerability in #Azure allowing me to access Azure accounts of companies worth billions
We all know vulnerabilities exist. This isn't an injection, XSS, or RCE.
But the crazy thing about it?
It took 2 hours to discover. 🤯
Here's the story of #AutoWarp👇 (1/10)
We all know vulnerabilities exist. This isn't an injection, XSS, or RCE.
But the crazy thing about it?
It took 2 hours to discover. 🤯
Here's the story of #AutoWarp👇 (1/10)
Scrolling through the endless list of Azure services, I’m looking for a new target
So I click “Automation Accounts” not really knowing what it even means. I quickly realized that this is basically a service for running Python & PowerShell scripts. 🧐 (2/10)
So I click “Automation Accounts” not really knowing what it even means. I quickly realized that this is basically a service for running Python & PowerShell scripts. 🧐 (2/10)
I uploaded a reverse shell script and started typing every Windows command I could remember
The real fun started when I found this suspicious log on the machine:
"Creating asset retrieval web service. [assetRetrievalEndpoint=http://127.0.0.1:40008]" (3/10)
The real fun started when I found this suspicious log on the machine:
"Creating asset retrieval web service. [assetRetrievalEndpoint=http://127.0.0.1:40008]" (3/10)
