How a Control Plane Fail Can Help You Learn About Azure Security

Explore a 26-minute conference talk from fwd:cloudsec where Principal researcher and TrustOnCloud CTO Tyson Garrett leverages his 13+ years of cloud security expertise to analyze an Azure OpenAI control plane bypass incident. Learn critical differences between Azure and AWS permission controls, discover native Azure security features, and understand techniques for finding unpublished APIs through Azure permissions. Gain practical insights into examining managed/built-in roles, understanding the risks of using wildcards, and utilizing REST APIs for vulnerability discovery. Drawing from his experience at Packetloop and AWS, where he helped define AWS Security Foundational Best Practices and config conformance packs, Garrett provides valuable lessons for security professionals transitioning between cloud platforms.