Whether it's the migration of legacy systems or creation of brand-new applications, many organizations are turning to Microsoft’s Azure cloud as their platform of choice. This brings new challenges for penetration testers who are less familiar with the platform, and now have more attack surfaces to exploit. In an attempt to automate some of the common Azure escalation tasks, the MicroBurst toolkit was created to contain tools for attacking different layers of an Azure tenant. In this talk, we will be focusing on the password extraction functionality included in MicroBurst. We will review many of the places that passwords can hide in Azure, and the ways to manually extract them. For convenience, we will also show how the Get-AzPasswords function can be used to automate the extraction of credentials from an Azure tenant. Finally, we will review a case study on how this tool was recently used to find a critical issue in the Azure permissions model that resulted in a fix from Microsoft.
Video: DEF CON 29 Cloud Village - Karl Fosaaen - Extracting all the Azure Passwords. Added by DEFCONConference on 11 September 2021.