Reset password is a common feature that allows you to create or reset a local administrator account on an Azure VM. This feature is helpful when you have forgotten the account used to log into your VM. An InfoSec person might raise a question: can such a password be viewed in plain text? In other words, is it technically possible to obtain that password?
In this article, I would like to demonstrate how to extract the password that you set through the Reset Password feature.
Managed Identity in Azure is not new. Everyone loves it, and people use it more and more these days. Managed Identity reduces the overhead of managing secrets or certificates. However, the Managed Identity feature also introduces a new risk if misused.
This article is not going to introduce Azure Managed Identity again. Instead, it provides a PowerShell script to help you quickly audit the VM(s) and VM Scale Set(s) in your Azure environment, checking whether they have managed identities attached and what their respective role assignments are.
Last weekend I made a small PoC to use Nmap to scan an Azure VM. I then came up with the idea of writing a script to scan all live hosts in the same subnet from the given VM.
This article is just to share with you the script I wrote.
A friend asked me last week whether he should enable System-Assigned Managed Identity (SAMI) on an Azure App Service running on a Linux host. He also asked whether his developer team could use that SAMI to do anything evil in his cloud environment.
Hopefully, this article clarifies a few things and then shares a bash script to acquire the access token of an Azure App Service's SAMI.
Have you seen the research NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories from Wiz? In short, according to their research, if your Azure App Service uses Local Git, your source code may have been compromised.
As a SecOps analyst, you are responsible for auditing your Azure cloud environment to check whether any App Service is using Local Git. This article provides a script and an Azure Policy template to help you audit this.
There are ways to exclude your resources from being evaluated by Azure Policy. You can add a condition to a policy rule, or you can use the notScopes exclusion on an assignment.
In this article, let’s explore another feature: Azure Policy exemptions. We will then see how to deploy an exemption as code.
Log4Shell is an emerging threat and its exploit is still in the wild. As a SecOps analyst, your job is to monitor your cloud assets and ensure that, if there is any communication to a known IoC, you can take appropriate action.
In this article, I’d like to share a simple script to help bulk upload known Log4Shell IoCs to Microsoft Sentinel Threat Intelligence (TI) so you can monitor them.
Last week a friend asked me whether creating or updating a virtual machine with an associated public IP address was detectable. This is a very common requirement in cloud security monitoring. Having a workload (aka a virtual machine) exposed to the Internet is never recommended, unless that virtual machine plays a security perimeter role.
In this article, let’s see how we can trigger an alert when someone creates or updates a virtual machine that has a public IP address.
Network Security Group (NSG) is one of the most common features in Azure to help strengthen your network defense. It allows you to filter network traffic to and from Azure resources. Having an NSG in place doesn’t always mean your network is secure. A misconfiguration such as an inbound rule that allows All is like an open door to adversaries.
In this article, I would like to share a detection and monitoring use case to help detect whether someone created or updated an NSG inbound rule to allow everything.
I was asked by people whether Microsoft Defender for Cloud had any information related to CVE-2021-44228 (Log4Shell), which is currently the hottest vulnerability.
In this article, I would like to share a Resource Graph query to find virtual machines that are vulnerable to Log4Shell.