I'm In Your Cloud... Pwning Your Azure Environment

Conference: DEF CON 27

The presentation discusses the vulnerabilities and privileges of the Azure environment and how attackers can gain access to it. It also explores the differences between on-premise and cloud security.
  • Introduction to Azure AD and its architecture
  • Compromising Azure AD Sync and vulnerabilities
  • Cloud roles and privileges
  • Backdooring Azure AD with service accounts
  • Azure Resource Manager and its connection to Azure AD
  • Integrations and Azure DevOps
  • Importance of securing cloud environment
The speaker talks about how the cloud is often seen as a magical, inherently secure solution, but in reality it can be compromised if not secured properly. The talk focuses on Azure AD and how attackers can gain access to it through various means, such as compromising Azure AD Sync and backdooring Azure AD with service accounts. The speaker also emphasizes the importance of securing the cloud environment and highlights the differences between on-premise and cloud security.


After having compromised on-premise environments for many years, there is now also the cloud! Now your configuration mistakes can be accessed by anyone on the internet, without that fancy next-gen firewall saving you. With this talk I'll share my current research on Azure privileges, vulnerabilities and what attackers can do once they gain access to your cloud, or how they can abuse your on-premise cloud components. We start with becoming Domain Admin by compromising Azure AD Sync, sync vulnerabilities that allow for Azure admin account takeover, and insecure Single Sign-On configurations. Up next are cloud roles and privileges, backdooring Azure AD with service accounts, escalating privileges as a limited admin, and getting past MFA without touching someone's phone. Then we finish with cloud integrations, also known as "how a developer can destroy your whole infrastructure with a single commit": exploring Azure DevOps, backdooring build pipelines, dumping credentials and compromising Azure Resource Manager through connected services. Besides all the fun, we'll also look into how this translates into the questions you should ask yourself before moving things to the cloud, and how this differs from on-premise.