Summary: Azure Deployment Scripts with User-Assigned Managed Identities can be exploited by attackers to gain unauthorized access and escalate privileges. The Deployment Scripts service allows users to run code in a containerized Azure environment, making it a convenient way to deploy complex resources. However, administrators need to closely monitor the permissions granted to users and Managed Identities to prevent privilege escalation.…
Author: Netspi
____________________ Summary: The article discusses the Azure Batch service and highlights potential areas for misconfigurations and sensitive data exposure. It explains how the service functions as a middle ground between Azure Automation Accounts and a full deployment of an individual Virtual Machine. The article also mentions the risks associated with Reader and Contributor access to Batch, such as reading sensitive data and gaining access to SAS tokens.…
______________________ Summary: The article discusses the technique of HTML smuggling and introduces a new approach using Web Assembly (Wasm). It explains how Wasm allows code to be written in system languages like C++, Rust, and Go, and compiled to run in the browser. The author also provides a proof-of-concept tool called “SilkWasm” for generating Wasm smuggles.…
Summary: TOTP (Time-Based One-Time Password) is a common two-factor authentication method that generates time-sensitive passcodes. However, it has become outdated and vulnerable to brute force attacks. In this article, the author discusses the security risks of TOTP and suggests alternative 2FA methods to enhance security.
Key Points: * TOTP is a simple and widely used 2FA method that lacks complexity in its implementation.…
______________________ Summary: The blog post discusses the potential security risks associated with Azure Container Registry (ACR) and the abuse of Managed Identities to generate tokens. It introduces a tool called MicroBurst that automates the process of creating a malicious ACR task and extracting tokens.
Key Points: * ACR can have attached Managed Identities that can be exploited by attackers.…
____________________ Summary: XPath Injection is a significant threat in web applications that allows attackers to exploit user input and gain unauthorized access to sensitive data. This blog explores the risks and consequences of XPath Injection and provides insights into manipulating XPath queries. It also guides users on setting up a lab environment to replicate real-world challenges and offers tips on protecting applications from this vulnerability.…
______________________ Summary: The article discusses the discovery of a vulnerability in Azure Function Apps that allowed for the extraction of managed identity credentials. The issue has since been addressed by Microsoft.
Key Points: * Linux containers in Azure Function Apps use an encrypted startup context file hosted in Azure Storage Accounts.…