Discover and read the best of Twitter Threads about #azure

Most recents (24)

💡Are you ready for to start building microservices and containerized apps?

🎉Azure Container Apps is ready for production, and here's all the info you need to get started... 🧵

#MSBuild #containers #azure cc:@AzContainerApp
Starting from scratch, you can use:

🖥️A sample image bit.ly/ca-qs1
💻 Your own image bit.ly/ca-qs2
‍💻 Code on your machine bit.ly/ca-qs3

Plus use private or public registries & use the Azure portal, CLI, or an editor!

#MSBuild #containers #azure
🗣️Learn to enable communication between microservices

👉 bit.ly/ca-tut1

#MSBuild #containers #azure
Read 20 tweets
I was able to access #Azure user credentials and run code on other customers’ machines.
The vulnerability is called #SynLapse.

It was a vulnerability in Azure Synapse Analytics (@Azure_Synapse) & Azure Data Factory, exploiting a major flaw in the tenant separation.

(1/3)
Through access to an internal API server I was able to:
- Obtain access to other customers’ Synapse workspaces
- Perform API operations like adding/deleting resources
- Run code on their service machines
- Most importantly: leak all credentials they stored in the service.

(2/3)
This blog is an advisory surrounding this issue, where the root attack vector was patched and assigned CVE-2022-29972.

>>> Technical details soon.
>>> Microsoft’s blog is in the comments.

(3/3)

orca.security/resources/blog…
Read 4 tweets
☁ You will likely encounter pushback when moving to the cloud. Moving to something new may seem risky and unnecessary to the developers. This requires a cultural shift.

💎 Here are some tips on how to tackle this problem.

#cloud #googlecloud #azure #aws
1. Sync with cross-functional teams early and often. Train them so they understand the benefits of the cloud and are comfortable and knowledgeable using it.
2. Help teams understand the benefits, the project's processes, the desired goals and outcomes.
Read 6 tweets
1/ #Azure #Hardening Tip #5: Legacy authentication to bypass MFA in Azure AD

"One of the most common methods used by attackers to gain access to Azure tenants is credential theft or password spraying with legacy authentication protocols. Legacy authentication protocols
2/ do not support MFA and (if enabled) can be used to gain access to hosted data and resources via Azure AD."

☝️Quote from the M-Trends 2022 Report.

A few weeks ago, I created a presentation titled "Attack target Azure", where these two points are also outlined as the most
3/ common methods (used by attackers) into Azure Tenants.

To better secure Azure Tenants, I recommend creating an evaluation of the applications that still use legacy authentication protocols. The use of these protocols should be prevented with Conditional Access Policies (CAP).
Read 6 tweets
What is CI/CD?

Continuous integration (CI) and continuous delivery (CD) are two approaches to software development that are designed to improve code quality and enable rapid delivery and deployment of code.

#DevOps #CICD #Cloud #Agile #Testing #Cloud #Linux #Security #ITjobs
A modern CI/CD pipeline in DevOps has build, test, and deploy stages-and aims to automate as many of the processes within these stages as possible.

1. Source Code: Changes to source code can trigger CI/CD tools to initiate the pipeline, or the CI/CD pipeline may be triggered
by automated scheduled work sessions or user-initiated workflows.
2. Build: The new code changes to applications are created and compiled to be prepared for the testing phase.

3. Testing: Testing automation via CI can save developers tremendous time and effort.

#Testing
Read 8 tweets
According to Russia 🇷🇺 "The unexpected reveal of "innocent patients" with assault rifles showcased how the Ukrainian military uses ambulances." 🚨

Their proof? A video of 21 sec.

What do we see? Investigate! 👇 1/...

#OSINT 🔎
#Verification 🎥
#GeoLocation 🌍
#HowToOSINT 🧐
The investigation on this tweet from the Ministry of Foreign Affairs of Russia is a team effort together with @Techjournalisto, @ArchitMeta and @akhmxt.

(Follow them if you like these kind of #OSINT-investigations.)

The short video is viewed more than 110K times. 2/...
Armed men emerge from a van bearing the logo of the Red Cross.

The International Red Cross (ICRC) has a neutral status, also in the war in #Ukraine.

Do we see a recent war crime by the Ukrainian army in this clip? 3/...
Read 35 tweets
Application Security is one of the top skills that every tech firm is aggressively looking for 🚀

If you are a person who wants to make a great career in AppSec, this thread is for you 👇

🧵

#applicationsecurity #infosec #cloudsec #azure #aws
Five ways you could teach yourself Application Security

1 / 5
Five ways you could teach yourself Application Security

2 / 5
Read 8 tweets
I found a vulnerability in #Azure allowing me to access Azure accounts of companies worth billions

We all know vulnerabilities exist. This isn't an injection, XSS, or RCE.

But the crazy thing about it?
It took 2 hours to discover. 🤯

Here's the story of #AutoWarp👇 (1/10)
Scrolling through the endless list of Azure services, I’m looking for a new target

So I click “Automation Accounts” not really knowing what it even means. I quickly realized that this is basically a service for running Python & PowerShell scripts. 🧐 (2/10)
I uploaded a reverse shell script and started typing every Windows command I could remember

The real fun started when I found this suspicious log on the machine:
"Creating asset retrieval web service. [assetRetrievalEndpoint=http://127.0.0.1:40008]" (3/10)
Read 10 tweets
Here are all #Azure #Subscription types explained - some of which you may not hear of

🧵👇
➡ Free
For new accounts, $200 credits on registration, valid for the first 30 days and include free services. No cryptomining, no quota increase, limited support. After 30 days or after spending the credit, users need to upgrade the subscription.
The upgrade will allow you to continue using services for free for another 11 months (for example, 750h of Free B1s VM, 5GB LRS storage, 250GB SQL DB, ...) and a bunch of always free services. Other services will be billed to your cc.
Read 15 tweets
Wanna Learn Azure in 30 Days? 🚀
Here's Day 5 of 30 and will be learning today💯:

🪣 Azure Storage Services
🕸️Azure Virtual Networks

Let's go!
#azure #learningazure #cybersecurity #AzStorage
(1/n)
🪣 Azure Storage Services : Azure provides scalable data objects for different sorts of service like Disk Storage for VMs, File Systems, Messaging Storages and NoSQL.

➼ AZ Storage Objects are managed by Storage A/c

➼ Azure Storage Account contains all data objects

(2/n)
➼ Storage Account comes with different performance types, these includes :
➼ Standard : Comes with General Purpose V2
➼ Premium : Comes with -
(a) Block Blobs : High Transfer Rate & Low Latency
(b) File Shares : High Performance & Scalable
(3/n)
Read 10 tweets
Wanna Learn Azure in 30 Days? 🚀
Here's Day 4 of 30 and will be learning today💯:

👨‍💼Azure Resource Manager (ARM)
🖥️Core Compute Services

(1/n)
#azure #cybersec #az #cloud #LearnAzure #learningazure
🧑‍💼Azure Resource Manager (ARM) : It provides management layer for all resources in Azure.

➼ All platforms from where we can manage cloud resources such as Portal, Az Module, AZ CLI, Rest API or SDKs, all communicate with ARM to perform actions in environment

(2/n)
➼ When request from any platform is sent to ARM then performs authentication and then forward request to resources providers for actions.

➼ ARM also includes templates known as (ARM Templates) for deploying resources repeatable and consistently.

(3/n)
Read 9 tweets
There are two very interesting new cmdlets in this release:

Invoke-AzureVMUserDataCommand and Invoke-AzureVMUserDataAgent.

In this thread I'll offer my thoughts on how these can be used for extremely hard-to-detect #Azure c2:
This c2 technique is based on Azure IMDS: docs.microsoft.com/en-us/azure/vi….

This service is accessible to every VM in Azure. As far as I know, there's no reason to ever disable this service for a VM, so it should always be accessible to every Azure VM.
IMDS's REST API is available to each VM at the non-routable, local IP of 169.254.169.254.

In April of this year, Microsoft introduced an IMDS feature called "User Data": azure.microsoft.com/en-us/updates/…
Read 9 tweets
Looking for the best #Career related videos in November? Look no further, we have already selected them for you!🥳

blog.meetupfeed.io/it-career-meet…

#programming #tech
🔥First up: Dive into matters with @HelenJoScott , who tells you all the things you need to know besides how to write code well. Find out how you can be an extraordinary #developer wanted by many headhunters.

meetupfeed.io/talk/tech-talk…

@WomenWhoCode
Jump into #accessibility and let @RobPreciousA11Y elaborate on the triggers that start accessibility work at a company. @Techyrey continues by making it easier for you to stand out.🔝
meetupfeed.io/talk/an-introd…

@manc_web
Read 7 tweets
Thread:

API permissions in #Azure can be configured such that attack paths leading to Global Admin emerge. Prior work and links to our work below:
Blog: Azure Privilege Escalation via Azure API Permissions Abuse posts.specterops.io/azure-privileg…
Read 7 tweets
Watching @NetAppINSIGHT keynote? Me too. Here are my quick thoughts. A 🧵

#NetAppINSIGHT /1
IMO, #NetApp was the traditional on-premises #Storage vendor that moved faster to the #Cloud. They created the #DataFabric vision a few years ago and are delivering value today.

#NetAppINSIGHT /2
With ONTAP services available on #AWS, #Azure and #GoogleCloud, I can compare what #NetApp is doing with #Storage to what #VMware is doing with virtual machines: providing existing customers an easier path to #Cloud migration.

#NetAppINSIGHT /3
Read 10 tweets
100+ Free Cloud Computing Courses for Beginners
learn AWS, GCP, Azure
All more than 4 ⭐️⭐️⭐️⭐️

A thread 🧵

#Cloudcomputing #AWS #GCP #Azure
6 Best Free Online Courses to Learn Microsoft Azure Cloud Platform and Services in 2021 - Best of Lot
java67.com/2020/07/5-free…
5 Free Online Courses for AWS Solution Architect Professional Exam in 2021
java67.com/2020/10/5-free…
Read 14 tweets
/1 Thought of doing a thread on Akash $AKT, explaining why it could be a game-changer in the decentralised cloud computing space. @akashnet_ has leveraged blockchain to build a decentralised cloud hosting solution that seeks to disrupt the cloud computing industry. #AWS #Azure
/2 Akash is the first distributed peer-to-peer open cloud computing marketplace. Akash is a serverless computing platform. Think #Uber, think #AirBnb. Akash cuts out the middleman in a similar vein.
/3 Hence, Akash is positioned to disrupt giants in the industry such as #AWS, #Azure and #Google, much the same way Airbnb disrupted the lodging and vacation rental industry.
Read 14 tweets
Top 10 resources to use while preparing for AWS Certification Exams: #AWS #cloud

🧵 A Complete Thread 🧵
👇 Make sure to retweet this 🤗
1. Explore Amazon Web Services (AWS) Website:
Link: amzn.to/3xxj4u6

Explore any topic in depth using AWS White Papers:
Link: amzn.to/3qZ95LH

#Azure #cloudcomputing
2. The best way to learn anything is by getting your hands dirty.
Start your AWS journey by creating AWS account.

Link: amzn.to/2UFsW6h
Read 13 tweets
List of all the EVENTS for this month (July 21) for FREE Microsoft Azure Certifications by Microsoft:
#CloudComputing

🧵A Complete Thread 🧵
👇 Make sure to retweet and bookmark this 😇
After getting 200+ DM requests and exploring MS official event website, here are all the events with registration links down below. ☁️☁️
#Azure #cloud #Azure #GCP

Certifications Covered:
Microsoft's 💻
1. Azure Fundamentals
2. Azure Data Fundamentals
3. Azure AI Fundamentals
A) Microsoft Azure Fundamentals certification exam

Event 1: 19 July & 20 July 2021

mktoevents.com/Microsoft+Even…

Event 2: 20 July and 21 July

mktoevents.com/Microsoft+Even…
Read 9 tweets
How to earn free Microsoft Azure Cloud Certification??
Without Spending A Single Penny 💰☁️
#CloudComputing

🧵A Complete thread 🧵
🔆👇 Make sure to retweet this 🤗
Microsoft is offering free training and certifications for basic level certs. So go and grab this opportunity...!

Certifications Covered:
1. Azure fundamentals AZ 900
2. Data Engineer DP 203
3. AI Fundamental AI 900

#aws #oracle #alibaba #Azure
Step 1:
Visit MS Official Events Page-
events.microsoft.com/?timeperiod=ne…

Step 2:
Select filter 'Cloud Platform'. Choose you preferred language and Search for events

Step 3:
Select Any event and Register for it. Make sure to check for free Certification voucher.
Read 9 tweets
Super happy to ship Azure Web Pub Sub! A new azure service for doing pure websockets + HTTP triggering!
azure.microsoft.com/en-us/blog/eas… #azure #websockets
How is it different from SignalR you ask? Well internally it's built on the same underlying tech but the big difference is that there's no client requirement or protocol requirement, BYOWL (bring your own websocket library).
The mainline scenarios are also focused on severless so we can handle your long running websocket connections and trigger HTTP calls to any backend. It can be azure functions or any addressable HTTP endpoint!
Read 12 tweets
How can I start a career in #risk management in the financial services industry?
@GARP_Risk @PRMIA @RIMSorg @actuarynews @SOActuaries @CQFInstitute @CFAinstitute
I believe they are many degrees that can be a good value for money, provided you know where you would like to work in the long run.
In the developing world markets, employers still don't appreciate highly technical education in risk, actuarial sciences, financial engineering, quantitative economics, machine learning, etc.

For them, an #MBA is a be-all and an end-all troubleshooter.
Read 22 tweets
🏅10x Cloud Certified with Microsoft Certified: Azure Fundamentals

This exam covers #Azure fundamentals, high-level knowledge and working of cloud services within @Microsoft Azure.

Credly's Badge: lnkd.in/dRJP5_3

#microsoftazure #certification #devops #cloudcomputing
🎯 𝗘𝘅𝗮𝗺 𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
🔖 Code: AZ-900
🔖 No of questions: 40-60
🔖 Passing score: 70% (700/1000)

💡 𝗦𝗸𝗶𝗹𝗹𝘀 𝘃𝗮𝗹𝗶𝗱𝗮𝘁𝗲𝗱:
- #Cloud concepts & Core Azure services
- General security & networking
- Identity, governance, compliance, & SLAs Image
⭐ 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀:
🔗 Exam details: lnkd.in/dmuQyMU
🔗 Self-paced Training: lnkd.in/drrgCsE
🔗 Free Whizlabs Practice Test: lnkd.in/dN9N-a8
🔗 Pluralsight: pluralsight.com/paths/microsof…

Keep exploring, stay hungry and keep learning! 😊
- @PriyankVaghela_
Read 4 tweets
Because several people have asked me now, here is a list of the things which annoy me about #Azure.

No trolling, simple but honest feedback:
I'll start with Azure Functions. In Azure I cannot just deploy code as a function like I can in AWS or GCP. I have to create an entire application. It's even called Azure Function App. The Function App then can have one or many functions.
This is very obvious because I have to create an actual project in code and I cannot configure things like environment variables per function but only for an entire function app. Even worse, the app mode heavily leaks into my code.
Read 28 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!