Posts detailing Automation utilizing Cloud resources (cloud agnostic)
As always, jams: Introduction While performing research recently I discovered an Azure RBAC role that, by default, is able to perform actions within the Azure portal that appeared to be more than it should have been allowed. The Azure RBAC Role I’m referring to is the Avere Contributor role used to manage all things Avere […]
But always music first: Introduction Azure has a Cloud product called The Machine Learning Studio. This studio is a fully equipped Machine Learning lab environment that is tied to your organizations Azure subscription. Itis very easy to use and simplifies the process of creating and training AI/ML Models. While AI/ML has been at the forefront […]
As always, jams…. DCSync Hijacking I recently published a blog post detailing an attack where we could hijack AADConnect’s DCSync dataset to steal credentials and crack the credentials offline. The foundational knowledge here is as follows: We learned that by injecting a malicious DLL into the miiserver.exe process, we could actually siphon the DCSync dataset […]
But first – MUSIC 😛 BlueHat October 2023 I had the pleasure and privilege of attending Microsoft’s BlueHat October 2023 conference this year and was able to see and enjoy many of the talks that were presented. There are several that stood out but there is one that I specifically want to talk about (and […]
First: What is OSINT OSINT is an abbreviation that stands for Open Source Intelligence Gathering. It consists of techniques used by adversaries and pentesters alike to identify information about a target organization that provides information to the operator such as: OSINT is passive in nature and primarily relies on information obtained without actually sending traffic […]
