If this isn't a complete course on why you should disable code or execution of things on an entire directory, or ya know disable direct access to user uploades using an set to call the files in a sanitized way, as clean text only. I have to admit it's cool to see some of these things, but alot of these vulnerablities come off more as Pebuac sorts of the one who setup that web service, and less in 'it's in the cloud'.
I regulary Watch Your Video , But today i wanna say thank you to you man,.. You are doing great job. You Motivate me to work in the cyber security field in interesting way. Thank You John Sir !!🙏🏻🙏🏻
This was great. I understood most of it. Started out with PS and now i'm learning linux OS to understand the basics before I go to networks and further.
Great uses of SAAS tools! These git-flows all lead back home, and with resources beyond 09-01-2017... So working with URI's is similar to working with URL's, but without the universal curl commandeer? Awesome! Who could of think of that? Next up Amazon AWS? Cloudfare? Some other CDN, like fonts for Google?
Ah, I see John on the quick side of things. >:D The whole Azure *Tree* with all the Kubernetes Cluster Setups and Managements is beautifully riddled with ... holes. :D
if we know that there is the page after uploads and we know page name (like you you create your own sheell and there you spesify the C and then you modify the url c=whoami and its executed if we dont upload this kind of shell) then how we execute commands in url
Hey John, I am a victim of someone hacking my multiple accounts gmail microsoft Facebook twitter etc maybe through my phone or somehow they got access to my Google password manager, Is there any safety steps I can take other than changing password and adding 2 factor authenticator app? Any help is appreciated.
Isnt all of your attack possible because of the website and code uploaded to the i guess webapp? And not because of Azure, WebApps, Functions or other PaaS in Azure? The Title seems very Clickbaity. Please educate me
I agree on this one. When an RCE happens on your server, they will always have access to secrets in one form or fashion. We are pulling our secrets in via Azure Keyvault at runtime with a managed identity, so this particular video interested me. This makes it super easy for the attacker to get access to the Keyvault to pull secrets. However if they are already on the server, they could dump memory and get them this one. I think the one take away is to make sure your managed identities are properly scoped. Don't use one managed identity for all applications.
Agree. Use system managed identity and use IAM to grant access to needed ressources and thats it. And i really do hope that people do not have VMs with PublicIPs available in azure...use a loadbalancer at least infront of it.
Your videos are great. Keep it up, it really helps us all learn. But I admit the conditions for this hack were staged for the hacking adventure, but it shows how multiple vulnerabilities can be used. Thank you.
This was great. I understood most of it. Started out with PS and now i'm learning linux OS to understand the basics before I go to networks and further.
If this isn't a complete course on why you should disable code or execution of things on an entire directory, or ya know disable direct access to user uploades using an set to call the files in a sanitized way, as clean text only.
I have to admit it's cool to see some of these things, but alot of these vulnerablities come off more as Pebuac sorts of the one who setup that web service, and less in 'it's in the cloud'.
I regulary Watch Your Video , But today i wanna say thank you to you man,.. You are doing great job. You Motivate me to work in the cyber security field in interesting way.
Thank You John Sir !!🙏🏻🙏🏻
Pjuup the
:-[8-:'(😮
very cool writeup! this is something that will get mitigated once CAE (continuous access evaluation) support managed identities.
This was great. I understood most of it. Started out with PS and now i'm learning linux OS to understand the basics before I go to networks and further.
😊 love how your skills have evolved into beautiful public resources for knowledge, understanding, and wisdom. Thank you for all you time and teachings
John's the best there is. These are so Insighful.
If one needs a name, the initial access of the managed identity endpoint is effectively a case of SSRF - server side request forgery.
Rad stuff. I guess one way to learn Azure AD I mean Entra ID is to learn some attack chains.
I actually wanted to get a blue team cert after the CBBH, but this looks too tempting
Sir, its Entra ID sir
Viva la résistance
I am literally right now deploying AKS cluster, and also using Managed Identities for internal stuff. Damn, have to watch this :D
great demo ... i didnt know it could escalate this far... secure sites are the key to protect cloud env.
Great uses of SAAS tools! These git-flows all lead back home, and with resources beyond 09-01-2017... So working with URI's is similar to working with URL's, but without the universal curl commandeer? Awesome! Who could of think of that?
Next up Amazon AWS? Cloudfare? Some other CDN, like fonts for Google?
Ah, I see John on the quick side of things. >:D The whole Azure *Tree* with all the Kubernetes Cluster Setups and Managements is beautifully riddled with ... holes. :D
As always John the king of security
if we know that there is the page after uploads and we know page name (like you you create your own sheell and there you spesify the C and then you modify the url c=whoami and its executed if we dont upload this kind of shell) then how we execute commands in url
NICE!! well done and thanks for theat
Boom, another vuln got Hammonded! :D
I do not understand in 06:31 where did you gather the api-version from
Shoulnd't it be Entra ID, instead of Azure AD, in the cert?
Hey John, I am a victim of someone hacking my multiple accounts gmail microsoft Facebook twitter etc maybe through my phone or somehow they got access to my Google password manager, Is there any safety steps I can take other than changing password and adding 2 factor authenticator app? Any help is appreciated.
Really awesome video 🎉.....i also learning cloud security 😀
Isnt all of your attack possible because of the website and code uploaded to the i guess webapp? And not because of Azure, WebApps, Functions or other PaaS in Azure?
The Title seems very Clickbaity. Please educate me
I agree on this one. When an RCE happens on your server, they will always have access to secrets in one form or fashion. We are pulling our secrets in via Azure Keyvault at runtime with a managed identity, so this particular video interested me. This makes it super easy for the attacker to get access to the Keyvault to pull secrets. However if they are already on the server, they could dump memory and get them this one.
I think the one take away is to make sure your managed identities are properly scoped. Don't use one managed identity for all applications.
Agree. Use system managed identity and use IAM to grant access to needed ressources and thats it. And i really do hope that people do not have VMs with PublicIPs available in azure...use a loadbalancer at least infront of it.
110% clickbait. The vulnerability is SSI, which has been known for 20+ years surfacing again due to clueless DevOps managing infrastructure.
does there is any ctf challenge for demo this attack or something similar to it like azure active directory attacks?
Really cool mate👍
another great video!
Your videos are great. Keep it up, it really helps us all learn. But I admit the conditions for this hack were staged for the hacking adventure, but it shows how multiple vulnerabilities can be used. Thank you.
Amazing thanks!
Bro do you know how does someone exploited all the data of boat company
@@wildstorm74 boat
I mean boat a speaker etc brand
Bro where is the XZ back door proof of concept video
Interesting stuff - thanks!
HI John
is it just me or did he look at the eclipse a little too long? eyes r a lil red lookin
You cant get away with this.
Azure Active Directory? Don't you mean Entra ID? 🤮
funny that windows defender detects this as a trojan
please 1 video how to hacked gmail password please please new video
🙏🙏🙏🙏🙏🙏
Serious
COOL!
Is bro still at the hotel that he leaked the address to in his last video? 😭 be safe bro
Why should he worry about that tho?
Old hackers descend ppl from sky to earth sow y will never reach them😂😂😂
😱
Hack my company if you can HOHOHOHO 👹👺👺
top
early gang
Security is only as good as the person who sets it up.
Very nice demonstration!
This was great. I understood most of it. Started out with PS and now i'm learning linux OS to understand the basics before I go to networks and further.