MAD SCIENTIST / AZURE MVP EXPLORING THE REALMS OF AZURE, NODEJS, AZURE AD AND MICROSOFT SECURITY
Research for CAOptics – Azure AD Conditional Access – Investigating Guest user conditions parity between new and old policies (11/14/2022)- Public Disclosure: Databricks – Former standard clusters & admin privilege escalation (10/11/2022)
Azure Devops – Update network restricted App Service via Microsoft-hosted Azure DevOps agent (5/31/2022)
Azure AD Workload Federation anywhere? (5/23/2022)
Highly experimental – Bypassing trusted Device requirements for Azure CLI in restricted environments where API’s are only available for browser sessions (5/17/2022)
Bypassing sign-in frequency requirements for Conditional Access on 3rd party clients (5/12/2022)
Azure AD Cross-tenant attacks via multi-tenant implants (servicePrincipals) (5/5/2022)
Azure Monitor – Malicious KQL Query (4/27/2022)- Collection AAD authentication related tools (4/22/2022)
Microsoft Cloud Security Research – Public Disclosure – Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account (4/21/2022)- Add user as reader to Azure Devops projects (4/13/2022)
First line of defence – Review Azure AD Gaps in Conditional Access with Log Analytics / Azure Sentinel (4/11/2022)
MSRC – Joint security research write up – Azure AD Consent bypass disclosure with Kim Jamia – Q1/2022 (4/9/2022)
KQL – Materialize query? (4/1/2022)- Getting data from AKS without kubeCTL (3/18/2022)
Hunting for secrets in Azure Data Factory pipeline run inputs and outputs (2/22/2022)
AKS – understanding bypass of network limitations for private API server via Azure Resource Manager (2/16/2022)- Azure monitor workbooks – use existing query as source for subsequent query or part (2/11/2022)
- Cookie replay client for testing Azure AD Identity Protection (2/7/2022)
- Create AAD Logs redirection from another tenant with Azure CLI in Bash (2/5/2022)
AZ CLI – Delete tagged groups in bash (2/2/2022)
Azure Service Authentication and Authorization table updated – Azure Policy to audit non-Azure AD Authentication and AKS management (1/23/2022)- App Service – ’Issuer validation failed’ – Troubleshooting (12/31/2021)
Authorize Logic Apps in Azure Functions with Logic App managed identity and Azure AD (12/31/2021)
Using Application.ReadWrite.OwnedBy and addKey methods for Graph API (12/29/2021)- Security Posture Management with Azure Policy and Microsoft Defender for Cloud (12/17/2021)
WSL2 – Use docker with VSCode without docker desktop (Windows 11) (12/7/2021)
Azure App Service – Authorize custom JWT tokens from API clients (12/2/2021)
Deep diver – Azure AD Federated Credentials (11/30/2021)
Azure AD deprecation of TLS 1.0 and 1.1 – how to investigate using Azure Monitor? (11/29/2021)- Azure Kubernetes Service – Enhanced Kubernetes cluster pod security baseline standards for Linux-based workloads (11/29/2021)
AKS – Policy reference: Overriding or disabling of containers AppArmor profile should be restricted (11/18/2021)- AKS – SSH to first node without VPN (11/17/2021)
AKS – Ensure public load balancer creation is audited or denied on Azure Kubernetes (11/15/2021)- MicroK8s notes on installation with Azure ARC (11/15/2021)
- draft notes on installing Kubernetes on Ubuntu multipass setup (11/12/2021)
- Azure Devops – Change from stakeholder to basic access level (10/18/2021)
- Running Azure Cloud Shell without subscription level contributor (10/16/2021)
- Dump Kudu logs and app files from webapp with Nodejs or powershell (10/5/2021)
Node.js – Azure AD JWT verification key runtime caching (10/5/2021)- Nodejs – sharing mongoDb connection (10/3/2021)
Mitigation: APIM Policy – Protect API Management from WAF Bypass with Azure Front Door (9/30/2021)- Azure Functions Starter Kit Node.js on Linux (9/24/2021)
Azure Sentinel – Detect Service Connection use outside of pipeline (9/15/2021)
KQL example WAF (9/13/2021)
AKS Security Focused Architecture reference (network) with Azure Firewall (9/11/2021)- Picture – Managed Identity Locally in Node.JS (9/10/2021)
Demo: Accessing AZ CLI remotely via NodeJS express app (9/7/2021)
Blog Preview – Automatic enablement of diagnostic settings for security logs (9/1/2021)
Restricting Access to Azure Container Registry from AKS while allowing Azure Defender Access (8/26/2021)- Azure AKS – Reviewing recommendations from Security Center – Disabling Automounting API Credentials (8/17/2021)
- End to end authentication &Authorization using Azure AD for Azure SQL Database (Node.JS) (8/14/2021)
Azure Integration baseline security: Network and authentication and authorization (8/13/2021)
NodeJS proxy router streams implementation example for ExpressJS (8/5/2021)- Named and trusted networks in Azure AD logs with Log Analytics (8/4/2021)
Using PowerShell to find dangling Redirect URI’s in Azure AD Tenant (5/28/2021)
Azure AD Client Credentials Architecture documentation for single tenant apps (5/25/2021)
Deep Diver – Azure AD Conditional Access authentication context setup for custom apps and MS Cloud App Security (5/22/2021)
Node.js and Azure Log Analytics Collector API – Sending data in pre-defined chunk sizes (5/21/2021)
Microsoft 365 – Double Key Encryption service configuration (5/10/2021)
Azure DevOps – Access Azure AD Protected API’s from pipeline (5/5/2021)
Demo: Conditional Access Automation with Azure DevOps and Node.JS (5/4/2021)- GitHub Apps and JWT based flow for server-to-server use (4/28/2021)
Testing: Conditional Access Automation with Node.JS and Github (4/27/2021)- Azure AD Delegated permissions one-slider (4/22/2021)
- Add Directory Extension attribute to Azure AD Access Token (4/13/2021)
Azure DevOps – use certificate for Azure Service Connection SPN (4/13/2021)
Alert on indicators for the illegitimate use of by-design Azure AD Bypass for AKS cluster access (4/8/2021)- Azure API Management – What’s what in OAuth2 related settings? (3/28/2021)
Allowing Azure management access from cross-tenant SPN via Azure Lighthouse (3/25/2021)
PoC – Grant Azure AD OAuth2 Permissions without tenant-wide consent (3/9/2021)
Azure Resource Manager Logs: One-pager explaining core logging functionality (2/19/2021)
Find any multi-valued Directory Extension attribute via Graph API $search operator (2/18/2021)
Azure API Management – Call Azure Functions with Managed Identity (2/11/2021)
Deep-diver: Hardening authentication and authorization between logic apps and API management (2/9/2021)
Injecting data from Azure Functions to Log Analytics queries via Azure Monitor Workbooks (1/26/2021)
Project Log 0 : Monitor logins by accounts assigned Azure AD roles (1/20/2021)
Node.js GitHub Repo: Azure AD Client Credentials With Certificate (1/19/2021)
Azure API management – Enforce use of Certificate in Client Credentials Flow (1/15/2021)
Azure Active Directory Sign-Ins Using LegacyAuth fork to include Non-interactive logins (1/11/2021)
Log Analytics – normalizing different data types for analytics (1/11/2021)
Express.JS middlewares on Azure Functions via custom handlers (1/4/2021)
Azure Sentinel & Log Analytics – Cross correlate between data on Azure Blob Storage and Log Analytics (12/7/2020)- DynDNS endpoint on Azure Functions (11/30/2020)
Defence in depth: Securing Azure App Service with Azure Front Door WAF, NodeJS runtime Security enhancements tested with OWASP ZAP (11/25/2020)
Experimental testing: Updating source authority for existing B2B collaboration user to type ’Multiple’ by matching synced AD object (11/20/2020)
Securing Azure Lighthouse with Azure Policy and Azure Privileged Identity Management for MSP’s and customers (11/13/2020)
Quick spin: Azure Managed Identity on non-Azure VM’s with Azure ARC and Node.JS Runtime (11/3/2020)
Correlating Azure AD logs to Office 365 workload operations With Azure Sentinel (10/27/2020)
Brief testing: Converting internal on-premises accounts to B2B collaboration accounts (10/2/2020)
Covid19 Challenges for the remote enterprise: Allowing exceptions to Secure MFA enrollment (9/25/2020)
Debugging the switch to Monthly Active Users in Azure AD B2X Collaboration (9/11/2020)
Testing log – Blocking reverse shell from App Service (Linux) while allowing access to management and Azure Services (9/7/2020)
Azure Security Center Exhibits from the field – Detecting SQL Injection with Advanced Data Security (9/2/2020)
Azure Security Center – Exhibits from the field (8/31/2020)
Project Log Part 3: Automating Azure Security Reports – Combining Subscription and resource security results (8/29/2020)
’Quick and Dirty’ – ad-hoc ways of GETting data from Azure Management API (8/28/2020)
Poc Part 0 – Azure Blob Storage right click to share files! (8/24/2020)
Alternative take on Azure AD ‘Break Glass’ account (8/16/2020)
Project Log Part 2: Automating Azure Security Reports – NodeJS API for AZSK (8/14/2020)
SecureCloudBlog 