Azure VM Security: Part 1: Moving from management plane to data plane and the Run Command

Introduction: This is the first of a series where I will be exploring the ways a threat actor can move from the Azure Management plane into the operating system level of Azure Virtual Machines. This series will be dealing with the security properties (and attacks) that exist specifically because this is an Azure VM. The normal security measures at the OS and network level are obviously still relevant, but are not something I will detail here....

March 3, 2023 · 9 min · soroganoth

Deep dive into some interesting security properties of Azure AD multi-tenant applications

Intro: The goal of this article is to dig deeper into some poorly documented and non-obvious security aspects of Azure Active Directory Applications, particularly regarding multi-tenant applications. This is not a comprehensive guide about application and service principal security, but an overview of some security properties which I find non-obvious and of interest to attackers and defenders. If you are not familiar with the basic concepts of Applications and Service principals in Azure AD, I suggest starting with the documentation....

12 min · soroganoth