I Hacked The Cloud: Azure Managed Identities
HTML-код
- Опубликовано: 10 апр 2024
- jh.live/alteredsecurity || Altered Security has just released their new "Advanced Azure Attacks" course and "Certified Azure Red Team Expert" certification -- use code HAMMOND20 for 20% off ALL THREE of their Azure courses! jh.live/alteredsecurity
🗨️ "I Hacked The Cloud" -- compromising an Azure website, swiping the access token for the managed identity of the web app, leveraging permissions to gain code execution on a virtual machine, and extracting credentials for further access! 😎 💬
Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricetraining.com
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥RUclips ALGORITHM ➡ Like, Comment, & Subscribe!
I regulary Watch Your Video , But today i wanna say thank you to you man,.. You are doing great job. You Motivate me to work in the cyber security field in interesting way.
Thank You John Sir !!🙏🏻🙏🏻
Pjuup the
:-[8-:'(😮
If this isn't a complete course on why you should disable code or execution of things on an entire directory, or ya know disable direct access to user uploades using an set to call the files in a sanitized way, as clean text only.
I have to admit it's cool to see some of these things, but alot of these vulnerablities come off more as Pebuac sorts of the one who setup that web service, and less in 'it's in the cloud'.
This was great. I understood most of it. Started out with PS and now i'm learning linux OS to understand the basics before I go to networks and further.
very cool writeup! this is something that will get mitigated once CAE (continuous access evaluation) support managed identities.
John's the best there is. These are so Insighful.
Very nice demonstration!
NICE!! well done and thanks for theat
Rad stuff. I guess one way to learn Azure AD I mean Entra ID is to learn some attack chains.
😊 love how your skills have evolved into beautiful public resources for knowledge, understanding, and wisdom. Thank you for all you time and teachings
great demo ... i didnt know it could escalate this far... secure sites are the key to protect cloud env.
I actually wanted to get a blue team cert after the CBBH, but this looks too tempting
If one needs a name, the initial access of the managed identity endpoint is effectively a case of SSRF - server side request forgery.
Really awesome video 🎉.....i also learning cloud security 😀
As always John the king of security
another great video!
Amazing thanks!
Interesting stuff - thanks!
John has 'dirbuster' integrated right into his browser's auto complete suggestions :)
I am literally right now deploying AKS cluster, and also using Managed Identities for internal stuff. Damn, have to watch this :D
Really cool mate👍
Boom, another vuln got Hammonded! :D
Ah, I see John on the quick side of things. >:D The whole Azure *Tree* with all the Kubernetes Cluster Setups and Managements is beautifully riddled with ... holes. :D
Great uses of SAAS tools! These git-flows all lead back home, and with resources beyond 09-01-2017... So working with URI's is similar to working with URL's, but without the universal curl commandeer? Awesome! Who could of think of that?
Next up Amazon AWS? Cloudfare? Some other CDN, like fonts for Google?
does there is any ctf challenge for demo this attack or something similar to it like azure active directory attacks?
Sir, its Entra ID sir
Viva la résistance
Security is only as good as the person who sets it up.
I do not understand in 06:31 where did you gather the api-version from
if we know that there is the page after uploads and we know page name (like you you create your own sheell and there you spesify the C and then you modify the url c=whoami and its executed if we dont upload this kind of shell) then how we execute commands in url
Hey John, I am a victim of someone hacking my multiple accounts gmail microsoft Facebook twitter etc maybe through my phone or somehow they got access to my Google password manager, Is there any safety steps I can take other than changing password and adding 2 factor authenticator app? Any help is appreciated.
Shoulnd't it be Entra ID, instead of Azure AD, in the cert?
HI John
Isnt all of your attack possible because of the website and code uploaded to the i guess webapp? And not because of Azure, WebApps, Functions or other PaaS in Azure?
The Title seems very Clickbaity. Please educate me
I agree on this one. When an RCE happens on your server, they will always have access to secrets in one form or fashion. We are pulling our secrets in via Azure Keyvault at runtime with a managed identity, so this particular video interested me. This makes it super easy for the attacker to get access to the Keyvault to pull secrets. However if they are already on the server, they could dump memory and get them this one.
I think the one take away is to make sure your managed identities are properly scoped. Don't use one managed identity for all applications.
Agree. Use system managed identity and use IAM to grant access to needed ressources and thats it. And i really do hope that people do not have VMs with PublicIPs available in azure...use a loadbalancer at least infront of it.
110% clickbait. The vulnerability is SSI, which has been known for 20+ years surfacing again due to clueless DevOps managing infrastructure.
Your videos are great. Keep it up, it really helps us all learn. But I admit the conditions for this hack were staged for the hacking adventure, but it shows how multiple vulnerabilities can be used. Thank you.
COOL!
Bro do you know how does someone exploited all the data of boat company
@@wildstorm74 boat
I mean boat a speaker etc brand
Serious
Bro where is the XZ back door proof of concept video
You cant get away with this.
please 1 video how to hacked gmail password please please new video
🙏🙏🙏🙏🙏🙏
is it just me or did he look at the eclipse a little too long? eyes r a lil red lookin
funny that windows defender detects this as a trojan
😱
Azure Active Directory? Don't you mean Entra ID? 🤮
top
Is bro still at the hotel that he leaked the address to in his last video? 😭 be safe bro
Why should he worry about that tho?
early gang
Old hackers descend ppl from sky to earth sow y will never reach them😂😂😂
Hack my company if you can HOHOHOHO 👹👺👺
This was great. I understood most of it. Started out with PS and now i'm learning linux OS to understand the basics before I go to networks and further.