Managed Identity Adds Owner — This article describes how a user with limited permissions on a resource group can elevate its privileges to a Subscription Owner! O.M.G I while back I was doing some research on the possibility how to run a PowerShell script from an Azure Policy, and see if this method could be…

Hi All, For the last two weeks I have been working on developing a PowerShell module for the Microsoft Sentinel Workspace Manager. I have just released it and can be found in the PSGallery. You can download it from here Install-Module AzWorkspaceManager Getting Started The AzWorkspaceManager PowerShell module helps you in automating…

It is not a great discovery but probably useful to some of you PowerShell scriptwriters out there. Currently I am on a holiday in Croatia and where most people find it relaxing to spent 3 weeks looking at other people in the swimming pool, I enjoy to improve my coding…

No more password rotation or certificate renewals. It is almost too good to be true. In this article, I will describe how you can create a service principal in the Azure AD without a password, and use these to log in to an Azure environment. As a security consultant, I…

You say what? Credentials stay exposed in the Azure AD! Well, actually yes they are visible up until some point. Although this isn’t by design, the behavior is not recognized as a bug on a security concern. So let’s go back to the start, where this all began. Somewhere around May…

The title probably got your attention, and it should. This finding was reported to Microsoft in April 2022 and has never been picked up. Therefor this is still exploitable in all Azure AD environments using Privileged Access Groups. How it started Well, like most of the time, it all starts with a simple…

In this blog I will explain the risk of storage accounts and how to abuse them for lateral movement. Looking at the title of this blog, you probably think that I was able to find a set of credentials in a storage account and used these to login to the…

This blog is a conceptual idea and attempt to create a baseline for writing KQL code, also known as the Kusto Query Language. Introduction The kusto query language or better known as KQL is a fast growing language in the Microsoft community. More and more resources are using KQL as query…

Ever needed to create an Azure Policy and had absolutely no clue where to start? We all have been there, and that is why I decided to create an Azure Policy 101 blog post. In this blog I will explain the approach that I take when creating a policy definition…