Smoke and Mirrors: How to hide in Microsoft Azure

Presented at Disobey 2024, Feb. 17, 2024, noon (30 minutes).

As organisations develop their cloud usage, and mature their cloud security operations; attackers have had to identify and develop methods to avoid detection. Our talk will explore techniques that would allow attackers to evade Graph Activity logs, along with methods to enable malicious actions to blend in with legitimate activity.

Presenters:

• Christian Philipov
  Chris is a senior security consultant in the cloud security team at WithSecure. Loves looking into the unique ways that Microsoft Azure and Google Cloud Platform (GCP) works as well as helping out his fellow colleagues with all their various cloud technical issues. Chris has previously presented at fwd:cloudsec as well as BlueTeamCon, and holds multiple Microsoft certificates with the latest one being Microsoft Cybersecurity Architect.
• Aled Mehta
  Aled is security consultant in the cloud security team at WithSecure. He spends the majority of his time exploring Microsoft Cloud services focussing on identifying new attack paths, or new ways of performing well established attacks. Outside of this exploration, he is motivated by sharing knowledge and skills with his colleagues and with the wider community.

Links:

• https://disobey.fi/2024/profile/disobey2024-213-smoke-and-mirrors-how-to-hide-in-microsoft-azure

Similar Presentations:

• Black Hat USA 2018 / Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities
• CircleCityCon 10.0 (2023) Virtual / "Securing your Azure Cloud: Secrets from a Cloud Penetration Tester"