and EY India LLP. •Been in this industry for 7 years now J Played both Attacking and Defending sides in the previous roles J •Spoke at Defcon Las vegas, OWASP Appsec USA toorcon san diego, Bsides las vegas etc…. Patreon for Null Chennai and Owasp Chennai chapters. •Holds industry certs such as OSCP, OSCE, OSWE, Crest CRT , CRTP etc … •B tech from Jerusalem college of engineering (Anna univ). I (re)learned fundamentals under Anita ma'am J J
introduction to cloud services in our case will be azure. I will try to keep theory part minimal and we will do the hands-on demo for most of the scenarios that is to be discussed in this talk. The talk will revolve around the industry practices and experiences that I have learned over my time working with various organizations facing threats targeting their cloud environment. Incase you have any questions feel free to stop me anytime and I will answer your questions J
number of breaches Famous cloud breaches Accenture – 2021 – 6TB data stolen Kaseya – 2021 – Customer data stolen Facebook- 2021 – millions of data stolen Uber 2022 – Entire organization compromise Marriot – 2018 – Passports and Credit card numbers stolen – millions of customer PII data
is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. Ideally, incident response activities are conducted by an organization's computer security incident response team (CSIRT), a group that has been previously selected to include information security and general IT staff as well as C-suite level members. The team may also include representatives from the legal, human resources and public relations departments. The incident response team follows the organization's incident response plan (IRP), which is a set of written instructions that outline the organization's response to network events, security incidents and confirmed breaches.
Directory (Azure AD or AAD) is "Microsoft’s cloud-based identity and access management service". •Microsoft proposes AAD as Identity as a Service (IDaaS) solution "that span all aspects of identity, access management, and security". •Azure AD can be used to access both – External resources like Azure Portal, Office 365 etc. and – Internal resources like on-premises applications. •Azure AD provides secure remote access for AD-integrated apps, devices and identity governance for AD accounts.
Azure Active Directory is the next evolution of identity and access management solutions for the cloud. Microsoft introduced Active Directory Domain Services in Windows 2000 to give organizations the ability to manage multiple on- premises infrastructure components and systems using a single identity per user. Azure AD takes this approach to the next level by providing organizations with an Identity as a Service (IDaaS) solution for all their apps across cloud and on-premises. https://learn.microsoft.com/en-us/azure/active- directory/fundamentals/active-directory- compare-azure-ad-to-ad
represents a single organization. •Azure AD Directory - Each tenant has a dedicated Directory. This is used to perform identity and access management functions for resources. •Subscriptions - It is used to pay for services. There can be multiple subscriptions in a Directory. •Core Domain - The initial domain name <tenant>.onmicrosoft.com is the core domain. It is possible to define custom domain names too. In Azure, resources are divided in four levels – Management Groups – Subscriptions – Resource Groups – Resources
An Azure subscription is a logical unit of Azure services that links to an Azure account. An Azure AD Directory may have multiple subscriptions but each subscription can only trust a single directory. A resource is a deployable item in Azure like VMs, App Services, Storage Accounts etc. •In Azure, all the resources must be inside a resource group and can belong only to a group. •Azure provides the ability to assign Managed Identities to resources like app service, function apps, virtual machines etc. •Managed Identity uses Azure AD tokens to accesso the resources(like key vaults, storage accounts) that support Azure AD authentication.
•Insecure Direct Object reference •Server Side Request Forgery on App Function Environment •Sensitive Data Exposure and Password Reset •Storage Account Misconfigurations •Identity Misconfigurations
owner of resource group which is game over for nearsecurity Inc. L As a Defender – Find out how the attacker was able to reach the owner of resource group for nearsecurity inc. Azure Defense products ? Azure Resources - Alerts Azure AD Roles - Access Review Privileged Identity Management (PIM) Azure AD Identity Protection Microsoft 365 Defender Microsoft Sentinel
santhoshkumar22
yajihum
toshi_atsumi
yasumuusan
.JPG){kind=avatar}
koh_naga
aeonpeople
nagix
pauli
macloud
toru_kubota
emiki
sat
miyakemito
rasmusluckow
philhawksworth
addyosmani
colly
eileencodes
nonsquared
kastner
lara
palkan
swwweet
samanthasiow
quramy
![Have questions? Mail me : [email protected] Linkedin : https://www.linkedin.com/in/santhoshkumar22/ Twitter:](https://files.speakerdeck.com/presentations/d219d2e71d6b4e908f19c35b8f5e8ae2/slide_17.jpg){kind=link}