All Your Cloud Are Belong To Us – Hunting Compromise in Azure

Explore the evolving landscape of cloud security in this 59-minute conference talk from BruCON Security Conference. Delve into the tactics used by attackers to compromise cloud networks, focusing on Azure vulnerabilities. Learn about hunting, identifying, and remediating compromised systems in Azure's vast network of exposed hosts. Discover how lessons learned from these incidents have been applied to enhance security in Azure Marketplace. Gain insights into the default security configurations of Azure and AWS Marketplace images, and understand the challenges faced in securing cloud environments. Examine case studies involving MongoDB, Redis, Elastic, Hadoop, SMBv1, IIS6.0, and Samba compromises. Explore topics such as ransomware monetization, the disappearance of traditional security perimeters, and proactive measures for cloud security. Conclude with a call to action for teams working on Azure security offerings and key takeaways for improving cloud security posture.