This site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country we will assume you are from the United States. View our privacy policy and terms of use.

Remove authors karl-fosaaen
article thumbnail

Abusing Azure App Service Managed Identity Assignments

Security Boulevard

FEBRUARY 15, 2023

Prior Work Karl Fosaaen wrote a great blog post in August of 2020 about Azure App Service abuses, including abusing managed identity assignments. Joshua Magri authored Invoke-AppServicesCMD.ps1 in 2021, which executes commands on Web App hosts through the Kudu API.

Authentication 52
Authentication Risk Advertising Passwords 52
article thumbnail

Abusing Azure Container Registry Tasks

Security Boulevard

APRIL 20, 2022

There’s some great prior work in this area, specifically when it comes to abusing managed identity configurations in AzureRM: From Karl Fosaaen : Attacking ACRs with Compromised Credentials. Azure Privilege Escalation Using Managed Identities. Abusing Azure Hybrid Workers for Privilege Escalation. The solution: managed identities!

Authentication 69
Authentication Risk Passwords Accountability 69
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 

Stay Connected

Join 29,000+ Insiders by signing up for our newsletter

About
Webinars
About
Editions
Webinars
Editions
Topics
Powered by Aggregage | Terms and Conditions | Your California Rights and Privacy Policy
© Aggregage 2024