Securing Your Azure Cloud – Adventures in Cloud Hacking

OVERVIEW

This talk will dive into different phases of cloud penetration testing and will focus on real-world attack paths into the Azure Cloud. Cloud attack paths in this talk will include reconnaissance, password spraying, device code phishing, data theft in Entra ID from a low-privileged user perspective, dumping public storage blobs, lateral movement with unsecured Azure applications, pivoting from cloud to internal network, and finally achieving full cloud compromise using Kerberos in the cloud.

Fear not, blue team! The only way to counter good offensive tradecraft is with good defensive cloud strategies. I will be giving out plenty of cloud defensive tactics during this talk. Can I do this in 50 mins? Come find out as I hack some clouds.

Presented By

EDWIN DAVID

Security Consultant, TrustedSec