Log in Your Own Eye - Exploiting a Stealthy C2 Channel in Azure Logging Infrastructure

Presented at BSidesSF 2022 Rescheduled, June 5, 2022, 3 p.m. (25 minutes)

Cloud logging infrastructure is vital to security threat detection, but what happens when it’s hijacked by an adversary? Join us for a quick dive into abusing Azure Log Analytics as a covert channel (and what to do about it)!


Presenters:

  • Dmitriy Beryoza - Vectra AI
    Dmitriy Beryoza is a Senior Security Researcher with Vectra AI, working on threat detection in the cloud and on-prem networks. Before that he was a penetration tester and secure software development advocate at IBM. Having been a developer for many years, he has built software of all types and sizes before switching to security full-time. Dmitriy holds a Ph.D. in Computer Science, and OSCP, CISSP, CCSP and CEH certifications. His interests include reverse engineering, secure software development, and CTF competitions.
