Discover and read the best of Twitter Threads about #Azure

Most recents (24)

1/ We recently had an interesting #Azure case where the TA, instead of creating a new Inbox Rule, added email addresses of interest to the list of blocked senders and domains.

The incoming emails will get flagged as spam and moved to the Junk email folder. 📂

🧵
2/ Here is a screenshot from Outlook web access

(the view might differ, as, for example, here on the screenshot from the theitbros [1]) Image
3/ And here from an Outlook client: Image
Read 11 tweets
Amazing FREE Cyber Security Courses

Help you get started or get better at things like Cloud ☁️

— Cyber Foundations —
ISC(2) Certified in Cyber - lnkd.in/e6jB_6af
Cyber Security - lnkd.in/eueCSF6A
Cisco Cyber Induction - lnkd.in/e8C3jacc
Cisco Cyber Essentials - lnkd.in/eTQNsbyF
Fortinet NSE - lnkd.in/es3c_Q6E

— Hacking —
PortSwigger Web Hacking - lnkd.in/eEa-fNfu
CodeRed Hacking Essentials - lnkd.in/eJbyZp_9
#RedTeaming - lnkd.in/et_T2DEa
— Vulnerability Management —
#Qualys - lnkd.in/eDWu2zyT

— SOC —
#Splunk - lnkd.in/et5bkjeY

— Engineering —
Secure Software Development - lnkd.in/ebGpA4wG
Maryland Software Security - lnkd.in/e3z4zFmJ
Read 4 tweets
🥷Security in #Azure | Mega thread 🥷

1. What is Azure? azure.microsoft.com/en-us/overview…

2. #AWS #Security Maturity Roadmap summitroute.com/downloads/aws_…

3. #Hunting Azure Blobs Exposes Millions of Sensitive Files cyberark.com/resources/thre…
4. Tutorial: Discover and manage shadow IT in your network docs.microsoft.com/en-us/cloud-ap…

5. Use tags to organize your Azure resources and management hierarchy docs.microsoft.com/en-us/azure/az…

6. Resource naming and tagging decision guide docs.microsoft.com/en-us/azure/cl…
7. Assign policy definitions for tag compliance docs.microsoft.com/en-us/azure/az…

8. What are Azure management groups? docs.microsoft.com/en-gb/azure/go…

9. Use cost alerts to monitor usage and spending docs.microsoft.com/en-us/azure/co…
Read 13 tweets
Knowing Azure Monitor is a must for many roles. But are there other monitoring services you should learn?

There’s monitoring for security, networks, SQL, and more. Some within Azure Monitor, others are elsewhere.

For apps, one you should know is Application Insights. Image
App Insights can help you:
🧠 Understand usage trends 
🧠 Monitor performance live
🧠 Map application components

You can even use AI/ML to perform "smart monitoring" to analyze and detect failures and anomalies in your app proactively.
🧙‍♂️If your app is running in Azure, you can enable this automagically.

There's an approach called autoinstrumentation which works on Azure App Service, Azure Functions, and VMs.

As long as you use a supported language, you can gather telemetry without modifying code.
Read 6 tweets
📚 Excellent article on #Phishing techniques targeting #O365 and #Azure🎣 Traditional phishing, device-code authentication, illicit consent grant attacks... it is not easy to make it simple on this topic, and it's the case here! riskinsight-wavestone.com/en/2023/03/ill… Image
1️⃣ Obviously, the traditional phishing attack is simple to implement in the absence of multi-factor authent 🔐 We know what to do!
2️⃣ More tricky, device-code authent attack: the attacker’s objective is to get the victim to fill in his device code on the Ms devicelogin page🔥
3️⃣ Conditional access policies can be used to prohibit suspicious connections from devices not under the control of the company👍
4️⃣ The illicit consent grant attack relies on the ability of an attacker to create an app that requires permission to be granted 💣
Read 4 tweets
Are you tired of being stuck in the same old IT routine? Do you crave the excitement of constantly learning and adapting to new technologies? Are you ready to become a #DevOps superhero, saving the day with your coding skills and infrastructure expertise?

🧵 What is #DevOps Dev?
🌻A #DevOps developer's job is to bridge the gap between development and operations teams. They work to automate and streamline the software delivery process, ensuring that applications are deployed quickly, reliably, and securely.
🌻 So, what is #DevOps?

It is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.
Read 12 tweets
It's free content Friday ... read on for some great free #AWS, #AZURE and #fundamental content you can, and should, check out RIGHT NOW :)

If this is useful, please retweet and follow me for future content :)

Thread 1/5
Let's start with #AZURE, did you know that @jamesdplee over at @cloudleeio has two FREE courses ?

learn.cloudlee.io/p/getting-star…
learn.cloudlee.io/p/getting-star…

If you like them, consider supporting him via his paid content learn.cloudlee.io/?affcode=14065…

Thread 2/5
I have Docker and Technical fundamentals courses which are free to use over at learn.cantrill.io

learn.cantrill.io/p/tech-fundame…
learn.cantrill.io/p/docker-funda…

Thread 3/5
Read 5 tweets
So you wanna do some #azure #recon:

I give you a few pointers.
👇
Step 1: Say kiitos to @DrAzureAD then install AADInternals, set your phasers to stun and your POWAHSHELL to german to ensure MAXIMUM efficiency german powershell screenshot
To import the modul you might have to set your execution pawliciy 🐾.
For maximum fun we can set this to
Set-ExecutionPolicy unrestricted
on our managed company super safe devices. Do some privesc first if needed 😀
Read 9 tweets
State of the #Cloud 2023: An in-depth report on the latest trends and risks ⛈

#cloudsecurity #CNAPP #CISO #Engineer

Report highlights in thread 🧵 or download the full report for free here 👇
wiz.io/blog/the-top-c…
☁️ The responsibility of #security professionals to stay up-to-date on the state of the #cloud has never been greater.

🛡 With cloud adoption continuing to grow, it is crucial to proactively address potential threats and ensure secure deployment of solutions.

🧵2/6
☁️ The number of API calls increased by 15% in #AWS, 20% in #Azure, and 45% in #GCP, leading to expanded attack surfaces.

👨‍🏫 57% of companies use more than one #cloud platform, requiring greater knowledge from #cloudsecurity teams.

🧵3/6
Read 6 tweets
This week I added 5 new functions to #BARK. A quick thread explaining each one with examples:
Get-ServicePrincipalOwner

List the current owner(s) of a specified #Azure AD Service Principal.

Example:
New-ServicePrincipalOwner

Add a new owner to an AAD Service Principal. Owners can add credentials to SPs and then auth as them.

Example:
Read 8 tweets
Azure App Service Web Apps are yet another #Azure service that supports managed identity assignments.

Here's how attackers can use #BARK to abuse those assignments: Image
There are at least 3 ways to achieve code execution on an Azure App Service Web App ("Azure Web App" from here on) instance:

1. The Kudu shell execution API endpoints
2. Poison deployment to include a web shell in the app
3. Find a cmd execution vulnerability in the deployed app
We'll focus on #1 - abusing the built-in Kudu shell execution endpoints.

This is the feature the Azure GUI uses as its "Debug Console" and is documented here: github.com/projectkudu/ku…

@kfosaaen discussed this in his August 2020 blog post here: netspi.com/blog/technical… Image
Read 9 tweets
How do you connect different networks in #Azure? The primary way is through VNET peering. In this thread, I'm going to do a quick breakdown to help you understand this cloud magic! Image
Azure VNET Peering allows you to connect two Azure virtual networks (VNETs) creating a secure and fast connection between the two.

This allows communication between resources in the two VNETs without going through the public internet but instead over the Microsoft backbone!
There are two types of VNET peering - "Global VNET Peering" & "Regional VNET Peering." Global VNET Peering enables connectivity between virtual networks in different regions. ImageImage
Read 7 tweets
Today I want to share with you this 🧵THREAD 🧵 about the GROWTH of CLOUD COMPUTING ☁️💻 in recent years and what its projections are for the coming years.
I was involved in several projects over these last months where we specifically had to use cloud services for large-scale data analysis, and I was surprised by the number of new services offered by #AWS #Azure #Google 🤯
That is why I want to share this thread 🧵 with valuable information to keep in mind when estimating the growth of this sector for the main publicly traded companies that offer these services.
Read 17 tweets
Kubernetes Tutorials For Beginners📚

1️⃣What Is Kubernetes Architecture?
spacelift.io/blog/kubernete…

2️⃣Kubernetes Basic Concepts & Examples
spacelift.io/blog/kubernete…

#devops #kubernetes #k8s #linux #docker #sysadmin #Azure #infrastructureascode #serverless #terraform #ansible
3️⃣ How to Manage Secrets in Kubernetes – A Complete Guide
spacelift.io/blog/kubernete…

4️⃣ Kubernetes Security: 5 Best Practices for 4C Security Model
spacelift.io/blog/kubernete…
5️⃣ Kubernetes Ingress with NGINX Ingress Controller Example
spacelift.io/blog/kubernete…

6️⃣ 15 Kubernetes Best Practices Every Developer Should Know
spacelift.io/blog/kubernete…
Read 3 tweets
1/ #Azure In a recent case, the TA was able to compromise the user despite MFA (MFA fatigue).

After logging in, the attacker registered another mobile number as "Alternate Mobile Phone Call".

In the audit logs, we see this event within "Authentication Methods":

🧵 #DFIR
2/ The audit logs are a goldmine for finding suspicious behavior in an Azure tenant.

If we filter by "Core Directory", "UserManagement" and "Update user" ..
3/ .. we also see the ModifiedProperties (the modifications done by the attacker).

Notice, the primary Phone Number is a Swiss mobile phone (+41), and the attacker added a number from the United Arab Emirates (+971).

Suspicious? You bet!
Read 4 tweets
Role Based Access Control (RBAC) is arguably one of the biggest headaches for engineers in a Kubernetes cluster.

However, there are certain ways to make it far easier.

A thread 🧵
Before jumping into that, let's talk about RBAC.

When you're trying to access a Kubernetes cluster and perform an action, it takes two roles:

- Authentication
- Authorization
Authentication gets you into the cluster. Authorization allows you to perform a certain action in a cluster.
Read 7 tweets
In the spotlight this October: #Azure #techtalks. You truly were engaged last month when it came to this topic so we decided to do a collection of the best meetups about Azure. Deep dive into containers, architectures, downtime upgrades and more. Enjoy!

blog.meetupfeed.io/azure-october-…
Azure and Containers, the Tale of the Two Inseparable Friends via @yashints

If you ask someone how to run a container, they will most probably answer AKS or Azure Kubernetes Services. But is that the only way?
Event Driven Architectures on Azure via @graefoster

Ever wondered how to build event-driven architectures on Azure, and what pitfalls to look out for?
Read 8 tweets
How a simple web-app assessment led to complete #AzureAd tenant takeover 🤯
🧵 👇
#Azure #AzureKubernetesService #aks #Kubernetes #KubernetesSecurity #k8s #bugbounty #bugbountytips #bugbountytip #DevSecOps
1. Poorly-designed file upload functionality led to RCE
2. Turned out the app was running in a container managed by #AzureKubernetesService (#AKS)
3. #Container was mounting a service account with permissions to deploy #pods in the same namespace
4. I deployed a new pod with hostPath root volume. Deployment was not blocked by any security policy. #Pod got deployed
5. I exec-ed into the pod's #container and escaped it through its hostPath volume. #privesc to the #AKS node succeeded!
Read 7 tweets
[1/15] The news around #FLR/#SGB and @FlareNetworks just keeps coming! Having only just written about #FIP.01, (FlareN.) $FLR / $SGB is now posting about the new partnership with @GoogleCloudTech

My brief assessment and a look at the GoogleCloud blog post in a 🧵👇
[2/15] Let's start by quantifying the size of the "#Cloud" and capturing it in numbers:

• Which players are on the market?
• Which infrastructure has what % of the pie?
• How big is the pie, and will it get even bigger?
• What is on offer? Source: https://cdn.statcdn...
[3/15] 👉 Who is sitting at the table?

If we are completely honest, there are only 3 notable providers that are in use today.

These include:
#AWS (web/email servers, dev tools, ML, containers)
#MS #Azure (internal corporate and network infrastructure)
#GCP (VM, AI, storage, IaaS) Source: https://intellipaat...
Read 16 tweets
1/ Perhaps a lesser known "feature" of Microsoft Authenticator, but the diagnostic data can be very helpful in investigating a compromised #Azure account where MFA is enabled but the user claims not to have confirmed the MFA Consent Prompt. 🧵
2/ You will find the diagnostic data here:

Authenticator App
▪️ Burger Menu
▪️ Send feedback
▪️ Having trouble?
▪️ View diagnostic data

Click "Copy all" and send the text via mail or other ways to your analysis device. Image
3/ When logging into an MFA protected (the second factor is the Consent Prompt) account, we see the following entries (abbreviated) in the Authenticator diagnostic data:
Read 10 tweets
Do you need a #multicloud #strategy? Most likely, not. Just use one cloud that fits your needs.

The chances are that your project is multi-#cloud, anyway. There are nuances, of course.

One is TRAFFIC. The cost can go up depending on the path it follows.

A thread 👇🧵

1/6 Image
The bigger the company, the bigger the chance that you are already using multiple #clouds. Generic public clouds (#AWS, #GCP, #Azure), private clouds (#VMWare, #Nutanix), and specialized clouds (#Cloudflare, #Vercel) can all be combined together for the benefit of your org.

2/6
If you have just a few GBs of traffic a month, then this would most likely not have a big impact on your #cloud #costs. But if you have more than a few GBs per hour, a #multicloud setup may bring you some surprises.

3/6
Read 6 tweets
#Azure Managed Identity assignments are "secure by default."

Dangerous attack paths can emerge around these assignments.

Here's how those attack paths emerge, how attackers abuse them, and how defenders can eliminate them: 🧵
First we should understand what Managed Identities are. I think the best way is to understand the problem they are designed to solve.

We have a great recent example of this problem from the alleged Uber breach, where a PowerShell script may have been storing plain text creds:
This problem is not new and not surprising to many people:
Read 25 tweets
