The Azure Cloud Security Pentesting Skills You NEED!


Karl Fosaaen, author of "Penetration Testing Azure for Ethical Hackers" and VP of Research at NetSPI, joined as a guest to share why a penetration test of a web application hosted on Azure Cloud in 2023 is quite different from a simple, traditional web app pentest, and which skills you need to pentest Azure environments. Cloud penetration testing in Microsoft Azure, just as in AWS and Google Cloud, is often misunderstood to be just a config review. In this video, Karl Fosaaen was kind enough to cover the following questions and methods.


Episode YouTube: Video Link

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Socials: Karl's LinkedIn (Karl Fosaaen)

Podcast Twitter: @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels:

- Cloud Security Newsletter

- Cloud Security BootCamp


Spotify Timestamps for Interview Questions

(00:00) Introduction

(02:32) A bit about Karl Fosaaen

(03:26) How is pentesting in Azure different from AWS?

(04:35) Cloud pentesting is not just config review

(05:42) Cloud pentesting vs Network pentesting

(06:25) Cloud Pentest - Next evolution of Network Pentest?

(07:14) Boundaries of cloud pentesting

(09:07) Do you need prior approval for Azure Pentest?

(09:32) Working with Microsoft Security Research Centre

(10:35) Process of pentesting in Azure

(11:57) Low hanging fruits to start off with!

(13:37) How to persist and escalate?

(14:58) Managed Identities in Azure

(16:23) Impact of peripheral services to Azure

(18:33) Scale of deployments in Azure

(21:02) Getting access to permissions for Azure Entra

(22:36) Scaling your pentest tools

(23:34) TTPs or Matrix you can use

(25:30) Getting into Azure Pentesting

(26:56) Transitioning from network to Azure pentesting

(28:37) Connect with Karl


Resources:

The NetSPI Blog to learn more about offensive cloud security

MITRE - Cloud Attack Matrix

ATRM

Karl's Book - Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments

See you at the next episode!
