With the increase in hybrid cloud adoption, that extends traditional active directory domain environments into Azure, penetration tests and red team assessments are more frequently bringing Azure tenants into the engagement scope. Attackers are often finding themselves with an initial foothold in Azure, but lacking in ideas on what an escalation path would look like. This talk will cover some of the common initial access vectors in Azure, along with a handful of escalation paths for getting full control over an Azure tenant. In addition to this, we will cover some techniques for maintaining that privileged access after an initial escalation. Finally, we will cover some of the tools that will help identify and exploit the issues outlined in this talk.
Karl is a Practice Director at NetSPI who specializes in network and web application penetration testing. With over ten years of consulting experience in the computer security industry, he has worked in a variety of industries and has been a guest administrator on a bunch of Windows domains. Recently, he has spent his time working on a set of tools (MicroBurst) to help automate attacks against the Azure stack. Over the years at NetSPI, Karl has worn several hats: password cracker, social engineer, and pinball machine maintainer. Karl has previously spoken at THOTCON, DerbyCon, and BSidesPDX.