#azure

76 posts · 30 participants · 1 post today

Whoa, things are really heating up again in the cloud world... GCP, Azure, AWS – seems like there's trouble brewing everywhere! 🤯

Seriously, these privilege escalation bugs that keep popping up, like the recent "ConfusedComposer," are a *major* headache.

Look, we all know the cloud offers amazing capabilities, right? But we absolutely *cannot* let security take a backseat. That brings us straight to IAM: it's all about permissions, permissions, permissions! You really can't hammer that home enough.

And hey, don't just rely on your automated tools. They're definitely helpful, no doubt, but they simply won't catch *everything*. Remember to factor in manual pentests too, folks. They're crucial.

So, spill the beans: how are *you* keeping your cloud infrastructure locked down tight these days? Got any insider tips or tricks you're willing to share? 🤔

Whoa! Microsoft's really doubling down on security lately. They've shifted MSA into Azure Confidential VMs, and it looks like Entra ID is up next. Honestly, this feels like more than just a routine update – seems like a direct answer to that Storm-0558 attack, right?

It's definitely good to see them being proactive. Hearing about 90% token validation via hardened SDKs and hitting 92% MFA for their own team? That's gotta seriously cut down the risk of lateral movement. Big plus there.

BUT, and this is a big one, let's not forget about manual pentesting. Automated scans? Yeah, they're useful, but they just can't replace a real human digging around. Especially with cloud setups, you *really* need that expert eye for the subtle stuff. Otherwise, you might only find those security gaps when it’s already too late. AI's cool tech, for sure, but let's be real – it's a tool, not a magic wand.

What's your take on this? Are you guys also using a blend of automated tools and hands-on manual testing in your security strategy? Let me know below!

Day 435. When you have recently created a new #Azure subscription and try to query cost data using the Cost Management API, the request will fail because there is no data yet. But instead of stating that, the API will tell you that the subscription does not have a valid "WebDirect/AIRS" offer type, whatever that is supposed to mean.

Watch out with your Azure Automation Account / Runbooks.

  • they often include hard-coded credentials
  • their output is not protected, so attackers can see your results
  • they can use Shared Resources (i.e. credentials or certificates)
  • Hybrid Worker and Azure Arc allow access to your on-premises infrastructure

Dangerous stuff if not managed correctly!
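As an added example that is not part of the post above or of any Microsoft tooling, a PowerShell audit that checks one Automation Account for the four points in that list; it assumes the Az.Automation module, an existing Connect-AzAccount session, and placeholder resource names.

```powershell
# Added example (not from the post above): audit one Automation Account for the four
# risk areas it lists. Assumes Az.Automation and a Connect-AzAccount session;
# the resource names below are placeholders.
param(
    [string]$ResourceGroupName     = 'rg-automation-placeholder',
    [string]$AutomationAccountName = 'aa-placeholder',
    [string]$ExportFolder          = (Join-Path $env:TEMP 'runbook-audit')
)
$acct = @{ ResourceGroupName = $ResourceGroupName; AutomationAccountName = $AutomationAccountName }

# Patterns that usually mean a secret is embedded in runbook source.
$sourcePatterns = @(
    '(?i)ConvertTo-SecureString\s.*-AsPlainText',                             # plaintext -> PSCredential
    '(?i)\$\w*(password|passwd|secret|apikey|api_key|token)\w*\s*=\s*["'']',  # literal string assignment
    '(?i)New-Object\s+System\.Management\.Automation\.PSCredential'            # credential built inline
)
# Looser pattern for job output, where a secret would appear as a plain value.
$outputPattern = '(?i)(password|passwd|secret|apikey|api_key|token)'

# 1. Hard-coded credentials: export each published runbook and grep its source.
New-Item -ItemType Directory -Path $ExportFolder -Force | Out-Null
foreach ($rb in Get-AzAutomationRunbook @acct) {
    Export-AzAutomationRunbook @acct -Name $rb.Name -Slot Published -OutputFolder $ExportFolder -Force -ErrorAction SilentlyContinue | Out-Null
    foreach ($file in Get-ChildItem -Path $ExportFolder -Filter "$($rb.Name).*") {
        foreach ($hit in Select-String -Path $file.FullName -Pattern $sourcePatterns) {
            [pscustomobject]@{ Check = 'HardcodedSecretInRunbook'; Item = $rb.Name; Detail = "line $($hit.LineNumber): $($hit.Line.Trim())" }
        }
    }
}

# 2. Unprotected output: anything a runbook writes to its streams is readable by whoever
#    can read jobs on the account. Scan the streams of the most recent jobs.
foreach ($job in Get-AzAutomationJob @acct | Select-Object -First 25) {
    foreach ($rec in Get-AzAutomationJobOutput @acct -Id $job.JobId -Stream Any) {
        if ($rec.Summary -match $outputPattern) {
            [pscustomobject]@{ Check = 'PossibleSecretInJobOutput'; Item = $job.RunbookName; Detail = "job $($job.JobId)" }
        }
    }
}

# 3. Shared resources: account-scoped, so every runbook (and anyone who can edit one) can use them.
Get-AzAutomationCredential  @acct | ForEach-Object { [pscustomobject]@{ Check = 'SharedCredential';  Item = $_.Name; Detail = '' } }
Get-AzAutomationCertificate @acct | ForEach-Object { [pscustomobject]@{ Check = 'SharedCertificate'; Item = $_.Name; Detail = '' } }

# 4. Hybrid Worker groups: runbooks can be dispatched onto on-premises machines.
Get-AzAutomationHybridWorkerGroup @acct | ForEach-Object { [pscustomobject]@{ Check = 'HybridWorkerGroup'; Item = $_.Name; Detail = '' } }
```

Pipe the script into `Format-Table` or `Export-Csv` to get one row per finding; a hit in check 1 or 2 is something to rotate, not just to note.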