filmov
tv
SAINTCON 2018 - Bryce Kunz - Blue cloud of Death: Red Teaming Azure
Показать описание
Title: Blue cloud of Death: Red Teaming Azure
Speaker: Bryce Kunz
Conference: SAINTCON 2018
Location: Track 2
Date: 2018-09-25
Time: 01:30pm -- 02:30pm
On-demand IT services are being publicized as the new normal, but often times these services are misunderstood and hence misconfigured by engineers which can frequently enable red teams to gain, expand, and persist access within Azure environments. In this talk we will dive into how Azure services are commonly breached (e.g. discovering insecure blob storage), and then show how attackers are pivoting between the data & control planes (e.g. mounting hard disks, swapping keys, etc...) to expand access. Finally we will demonstrate some unique techniques for persisting access within Azure environments for prolonged periods of time.
Speaker: Bryce Kunz
Conference: SAINTCON 2018
Location: Track 2
Date: 2018-09-25
Time: 01:30pm -- 02:30pm
On-demand IT services are being publicized as the new normal, but often times these services are misunderstood and hence misconfigured by engineers which can frequently enable red teams to gain, expand, and persist access within Azure environments. In this talk we will dive into how Azure services are commonly breached (e.g. discovering insecure blob storage), and then show how attackers are pivoting between the data & control planes (e.g. mounting hard disks, swapping keys, etc...) to expand access. Finally we will demonstrate some unique techniques for persisting access within Azure environments for prolonged periods of time.
0:55:16
0:52:24
0:43:01
0:48:29
0:32:38
0:38:36
1:24:33
0:17:12
3:40:35
0:44:04
1:15:14
0:25:55
0:35:06
0:17:49
0:52:17
0:52:06
0:46:33
0:14:23
0:54:25
0:53:00
0:36:51
0:23:49
0:05:58
0:01:08