When there are passphrases, there is inherent risk, says Redmond Ignite Microsoft has said it will add end-to-end encryption for some one-to-one Teams calls later this year – and urged folks to move away from using passwords with Azure AD.… The Register – Security
For many years, pentester-hosted SMB shares have been a common technology to use during internal penetration tests for getting tools over to, and data off of, target systems. The process is simple: share a folder from your testing system, execute a “net use z: \testingbox\tools” from your target, and run your tools from the share. […]
It has been a while since the initial release (August 2018) of the Get-AzurePasswords module within MicroBurst, so I figured it was time to do an overview post that explains how to use each option within the tool. Since each targeted service in the script has a different way of getting credentials, I want users […]
We test a lot of web applications at NetSPI, and as everyone continues to move their operations into the cloud, we’re running into more instances of applications being run on Azure App Services. Whenever we run into an App Services application with a serious vulnerability, I’ll frequently get a ping asking about next steps to […]
In every penetration test that involves Azure, we want to escalate our privileges up to a global administrator of the tenant. Once we’ve escalated our privileges in an Azure tenant, we want to have the ability to maintain our access to each subscription and the tenant as a whole. Aside from the benefits of controlling […]