Explore a critical examination of identity management and authentication mechanisms in Azure services, focusing on Managed Identities, in this 44-minute Black Hat conference talk. Delve into novel approaches for maintaining persistence in Azure Functions and Azure Machine Learning service, uncovering security gaps and design oversights. Learn how researchers successfully bypassed Managed Identities security mechanisms, extracting Entra ID tokens and achieving undetectable stealthy persistence. Gain valuable insights into the vulnerabilities of complex interdependent cloud systems and the need for stronger identity management to ensure secure access in Azure environments.
Overview
Syllabus
Breaking Managed Identity Barriers In Azure Services
Taught by
Black Hat