Join the IGEL Community for our December Meetup, hosted by Sébastien Pérusat.
Our guest this month is Benedikt Strobl who will present a genius live Hack on our IGEL Community: Privilege Escalation in the Azure Cloud.
In addition to the well-known Office 365 products, Microsoft also offers cloud infrastructures in the Azure Cloud. What this usually ignores is that both rely on the same user management (Azure Active Directory). Misconfigurations, poor organization of administration rights, and non-observance of inheritance chains can therefore lead to serious security problems in both Office 365 and Azure infrastructures. In this presentation, NSIDE ATTACK LOGIC GmbH describes the theory of such attacks and shows one in practice: via several escalation levels, an unprivileged cloud account gains control over the entire cloud infrastructure.
You will also learn:
Service principals and managed identities
Scenario: Vulnerable Cloud Environment
Live Hacking Demo: Privilege Escalation of an Unprivileged User in a Cloud Environment
How can you protect your cloud environment?
Desired prior knowledge: Technical/specialist audience, does not require deep technical understanding - but should have a technical affinity (understand complex issues and have a basic technical understanding).
December 1st, 2022 at 17:00 - 18:00 CET / 11:00 AM EDT / 8:00 AM PDT