Cloud Security Podcast28 Aug 2023

The Azure Cloud Security Pentesting Skills You NEED!

Karl Fosaaen, the author of Penetration Testing "Azure for Ethical Hacker" and the VP of Research at NetSPI, came as a guest to share why the penetration Test of a Web Application hosted on Azure Cloud in 2023 is quite different to just a simple/traditional web app pentesting and the skills you need to pentest Azure environments. Cloud Penetration testing is misunderstood to be just config review in Microsoft Azure Cloud just like in AWS and Google Cloud. In this video, we have Karl Fosaaen was kind enough to answer the following questions and methods.

Episode YouTube: ⁠ ⁠⁠⁠Video Link⁠⁠⁠⁠⁠⁠

Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)

Guest Socials: Karl's Linkedin (⁠⁠⁠⁠Karl Fosaaen)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Spotify TimeStamp for Interview Question

(00:00) Introduction

(02:32) A bit about Karl Fosaaen

(03:26) How is pentesting in Azure different from AWS?

(04:35) Cloud pentesting is not just config review

(05:42) Cloud pentesting vs Network pentesting

(06:25) Cloud Pentest - Next evolution of Network Pentest?

(07:14) Boundaries of cloud pentesting

(09:07) Do you need prior approval for Azure Pentest?

(09:32) Working with Microsoft Security Research Centre

(10:35) Process of pentesting in Azure

(11:57) Low hanging fruits to start off with!

(13:37) How to persist and escalate?

(14:58) Managed Identities in Azure

(16:23) Impact of peripheral services to Azure

(18:33) Scale of deployments in Azure

(21:02) Getting access to permissions for Azure Entra

(22:36) Scaling your pentest tools

(23:34) TTPs or Matrix you can use

(25:30) Getting into Azure Pentesting

(26:56) Transitioning from network to azure pentesting

(28:37) Connect with Karl

Resources:

The NetSPI Blog to learn more about offensive cloud security

Mitre - Cloud Attack Matrix

ATRM

Karl's Book - Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments

See you at the next episode!

Oppdag Premium

Prøv 14 dager gratis

Kjøp Premium

Episoder(344)

Building an Incident Response Team for High-Growth Companies

In this episode, we sit down with Santiago, a Senior Security Engineer at Canva, to talk about the complexities of building and managing an incident response team, especially in high-growth companies....

22 Aug 202427min

State of Cloud Security 2024 - Leadership Edition

Leadership Insights on Cloud Security in 2024. Ashish sat down with return guest Srinath Kuruvadi, a seasoned cloud security leader with over two decades of experience in the field. Together, they exp...

6 Aug 202425min

Cloud Native Strategies from a FinTech CISO

What are you doing differently today that you're stopping tomorrow's legacy? In this episode Ashish spoke to Adrian Asher, CISO and Cloud Architect at Checkout.com, to explore the journey from monolit...

30 Jul 202421min

Fixing Cloud Security with AWS Lambda

How to secure AWS cloud using AWS Lambda? We spoke to Lily Chau from Roku at BSidesSF about her experience and innovative approach to tackling security issues in AWS environments. From deploying IAM r...

23 Jul 202421min

What is confidential computing? Explained for 2024

How can you protect your data with Confidential Compute and Containers? Ashish spoke to Zvonko Kaiser, Principal Systems Software Engineer, Confidential Containers and Kubernetes at Nvidia about confi...

16 Jul 202422min

The Evolution of Infrastructure as Code so far - 2024 Edition

How to implement infrastructure as code? Ashish spoke to Armon Dadgar. Co-Founder and CTO at HashiCorp at Hashidays London. Armon speaks about his journey from co-creating Terraform, the first open-so...

9 Jul 202427min

What is AI-SPM?

What is the future of AI Security and Data Protection? At AWS re:Inforce in Philadelphia this year, Ashish spoke to Dan Benjamin, Head of Data, Identity and AI Security at Prisma Cloud about the new c...

4 Jul 202423min

Creating Effective Sigma Rules with AI

Can Threat Detection be enhanced with AI? Ashish sat down with Dave Johnson, Senior Threat Intelligence Advisor at Feedly, at BSides SF 2024, where Dave also presented a talk. Dave shares his journey ...

25 Jun 202422min

Reklamefrie Premium-podkaster

Hør populære podkaster som Storefri med Mikkel og Herman, Ida med hjertet i hånden, Krimpodden og mye mye mer

Skap din egen podkastboble

I appen skaper du ditt eget bibliotek med favoritter, og vi gir deg også anbefalinger til podkaster du ikke kan gå glipp av.

Prøv 14 dager gratis

Dersom du er ny Podme-bruker får du 14 dager gratis prøveperiode når du oppretter abonnement

Premium

99 kr/ måned

Tilgang til alle våre Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker

Prøv 14 dager gratis

Premium

129 kr/ måned

Tilgang til alle Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker
En Ekstra bruker

Prøv 14 dager gratis

Populært innen Teknologi

rss-teknologioptimistene-energibransjens-it-podcast

Historiene og stemmene du vil høre

Ubegrenset tilgang til alle dine favorittpodkaster og lydbøker

Les mer