The Azure Cloud Security Pentesting Skills You NEED!
Cloud Security Podcast28 Aug 2023

The Azure Cloud Security Pentesting Skills You NEED!

Karl Fosaaen, the author of Penetration Testing "Azure for Ethical Hacker" and the VP of Research at NetSPI, came as a guest to share why the penetration Test of a Web Application hosted on Azure Cloud in 2023 is quite different to just a simple/traditional web app pentesting and the skills you need to pentest Azure environments. Cloud Penetration testing is misunderstood to be just config review in Microsoft Azure Cloud just like in AWS and Google Cloud. In this video, we have Karl Fosaaen was kind enough to answer the following questions and methods.


Episode YouTube: ⁠ ⁠⁠⁠Video Link⁠⁠⁠⁠⁠⁠


Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)

Guest Socials: Karl's Linkedin (⁠⁠⁠⁠Karl Fosaaen)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Spotify TimeStamp for Interview Question

(00:00) Introduction

(02:32) A bit about Karl Fosaaen

(03:26) How is pentesting in Azure different from AWS?

(04:35) Cloud pentesting is not just config review

(05:42) Cloud pentesting vs Network pentesting

(06:25) Cloud Pentest - Next evolution of Network Pentest?

(07:14) Boundaries of cloud pentesting

(09:07) Do you need prior approval for Azure Pentest?

(09:32) Working with Microsoft Security Research Centre

(10:35) Process of pentesting in Azure

(11:57) Low hanging fruits to start off with!

(13:37) How to persist and escalate?

(14:58) Managed Identities in Azure

(16:23) Impact of peripheral services to Azure

(18:33) Scale of deployments in Azure

(21:02) Getting access to permissions for Azure Entra

(22:36) Scaling your pentest tools

(23:34) TTPs or Matrix you can use

(25:30) Getting into Azure Pentesting

(26:56) Transitioning from network to azure pentesting

(28:37) Connect with Karl


Resources:

The NetSPI Blog to learn more about offensive cloud security

Mitre - Cloud Attack Matrix

ATRM

Karl's Book - Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments

See you at the next episode!

Episoder(344)

API SECURITY BEST PRACTICES 2022

API SECURITY BEST PRACTICES 2022

In this episode of the Virtual Coffee with Ashish edition, we spoke with Corey Ball (Corey's Twitter) about what does API in a modern software stack looks like and how these can be attacked and protec...

5 Sep 202239min

BlackHat Defcon 2022 - The Cloud Security Edition

BlackHat Defcon 2022 - The Cloud Security Edition

Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, Cloud Talks and Training from Hacker Summer Camp - Blackhat Defcon Diana Initiative BSides Vegas 2022. Blog with li...

28 Aug 20221h 2min

HOW TO Threat Model Digital Applications in Cloud

HOW TO Threat Model Digital Applications in Cloud

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jeevan Singh (Jeevan's Linkedin) about Threat Modelling STRIDE Threat Modelling can be used for self service Application runnin...

21 Aug 202259min

HOW TO SECURE CONTAINER ENVIRONMENT FOR FINANCIAL SERVICES

HOW TO SECURE CONTAINER ENVIRONMENT FOR FINANCIAL SERVICES

In this episode of the Virtual Coffee with Ashish edition, we spoke with Karthik Ramamoorthy (Karthik's Linkedin) about Container security with NIST Framework for financial services organizations. Epi...

7 Aug 202255min

AWS ReInforce 2022 Recap & Highlights

AWS ReInforce 2022 Recap & Highlights

Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, meh moments and in person experience from AWS ReInforce 2022. Twitter Space with Cloud Security Community about the...

2 Aug 202253min

Fundamentals of AWS Cloud Security Assessment

Fundamentals of AWS Cloud Security Assessment

In this episode of the Virtual Coffee with Ashish edition, we spoke with Cassandra Young (@muteki_rtw) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Ho...

30 Jul 202249min

So Now You Know!

So Now You Know!

Special Episode by Shilpi and Ashish announcing the 1 year partnership with Snyk and what does this mean for the podcast community - you and also for Ashish and Shilpi. The new Architecture series we ...

28 Jul 202218min

HOW TO SECURE AWS CLOUD ENVIRONMENT FOR HEALTHCARE

HOW TO SECURE AWS CLOUD ENVIRONMENT FOR HEALTHCARE

In this episode of the Virtual Coffee with Ashish edition, we spoke with Kyler Middleton (Kyler's Linkedin) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast....

20 Jul 202255min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
tomprat-med-gunnar-tjomlid
rss-impressions-2
shifter
fornybaren
teknologi-og-mennesker
smart-forklart
rss-ki-praten
rss-alt-vi-kan
elektropodden
pedagogisk-intelligens
rss-praktisk-proptech
rss-heis
rss-ai-forklart
hans-petter-og-co
nasjonal-sikkerhetsmyndighet-nsm
kortslutning
rss-teknologioptimistene-energibransjens-it-podcast