Hack Red Con 2024
-
End the Burnout - 3 things your CISO wishes you knew.
Mark Thacker
-
Doors, Cameras, and Mantraps: Oh, my!
Dylan "The Magician" Baklor
-
Registration Opens
Oct. 25
-
Opening Ceremony
Oct. 25
-
Keynote Round Table - Ed Skoudis, Dave Kennedy, Ken Nevers, Amanda Berlin
Oct. 25
-
Intro to Infrastructure Automation for Offensive Security
Alex MartirosyanOct. 25
-
Securing Derby 150
Jason PaytonOct. 25
-
Creating Intelligence From Malware Samples
Jon "Wally" Prather and Jeff SmealOct. 25
-
CISO Roundtable
Oct. 25
-
Reframing the “Success” of an Offensive Test: Taking a Risk-Based Approach
Celina StewartOct. 25
Chirag Savla is a cyber security professional with 9+ years of experience. His areas of interest include penetration testing, red teaming, azure and active directory security, and post-exploitation research. For fun, he enjoys creating open-source tools and exploring new attack methodologies in his leisure. Chirag has worked extensively on Azure, Active Directory attacks and defense, and bypassing detection mechanisms. He is the author of multiple open-source tools such as Process Injection, Callidus, and others. He has presented at many conferences and local meetups and has trained people in international conferences like Blackhat, BSides Milano, HackSpaceCon, Wild West Hackin’ Fest, Vulncon.
In the era of innovation and growth, technology and evolving landscape of cloud services, hybrid environments has become crucial for running smooth business operations. Integration between Cloud and On-Premise environments has helped organizations to build a bridge to fill the gap and increased flexibility, scalability, and agility in these digital world. This presentation delves into the complexities of various Azure offerings, investigating how malicious actors can exploit them to breach on-prem server.
We initiate our talk with a robust device management solution, demonstrating how attackers can enlist devices and manipulate certain functionalities to execute commands, which give complete access to Employee's Devices. Transitioning to another Azure feature, we dissect a connectivity option that enables PowerShell Remoting, effectively bridging the gap between Azure and on-premises servers.
Our exploration extends to Hybrid Workers which can be utilized to execute commands on on-premises servers, providing attackers with a stealthy pathway and can also be misused for persistence. We then examine Azure Arc and its Custom Script Extension, illustrating how it can be leveraged to execute commands within on-premises environments from the cloud.
The talk extends to the realm of Azure DevOps, where we shed light on abuse use case associated with custom agents being used for pipeline operations, granting unauthorized entry to on-prem resources. And finally, attention is drawn to the exploitation of web-based vulnerabilities, such as Remote Code Execution (RCE), to establish a foothold in on-prem networks which leverages Azure services for hosting on-prem applications.