Hacking the Hybrid Cloud

Conference: DEF CON 28

2020-08-01

Summary

The talk discusses vulnerabilities in and attacks against hybrid cloud deployments, focusing on the Microsoft cloud and its integration with on-premises infrastructure. The speaker covers virtualization, compromised domain controllers, cloud administration, and identity and access management.

  • Hybrid cloud refers to the integration of on-premises infrastructure with cloud services
  • Virtualization is a foundational concept of the cloud
  • Compromising a physical domain controller can lead to compromise of the entire environment
  • Azure AD Seamless Single Sign-On can be compromised by obtaining the password of the computer account that backs it
  • The permissions Azure AD Connect needs for password hash sync can be abused to compromise the Azure AD Connect server and, through it, Active Directory
  • Identity and access management matters in cloud environments; roles grant different levels of access
  • Overscoped roles grant more access than their holders need and can be chained into privilege escalation

The speaker notes that compromising a physical domain controller can be as simple as gaining access to its out-of-band management system, such as HPE iLO, which hosts a web server on port 2381. Airbus Security has identified many security issues in iLO, but firmware patches are often not applied to physical servers. An unpatched iLO on a domain controller can therefore lead to compromise of the entire environment.
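Two of the footholds listed above (the Seamless SSO computer account and the replication rights used by password hash sync) can be audited from the on-premises side. The following PowerShell is an added example, not material from the talk; it assumes the ActiveDirectory RSAT module, a domain-joined session with read access to the domain root, and that the Seamless SSO account uses its default name AZUREADSSOACC.

```powershell
# Added example (not from the talk): audit two hybrid-identity footholds.
# Assumes the ActiveDirectory module and read access to the domain naming context.
Import-Module ActiveDirectory

# 1. Seamless SSO: the AZUREADSSOACC computer account holds the Kerberos decryption
#    key that Azure AD uses. Microsoft recommends rolling it over at least every 30 days,
#    so a stale password widens the window a stolen key stays usable.
function Test-SeamlessSsoKeyAge {
    param([int]$MaxAgeDays = 30)   # 30-day threshold follows Microsoft's rollover guidance
    $acct = Get-ADComputer -Filter "Name -eq 'AZUREADSSOACC'" -Properties PasswordLastSet
    if (-not $acct) {
        return [pscustomobject]@{ Present = $false; AgeDays = $null; Stale = $false }
    }
    $age = (New-TimeSpan -Start $acct.PasswordLastSet -End (Get-Date)).Days
    [pscustomobject]@{ Present = $true; AgeDays = $age; Stale = ($age -gt $MaxAgeDays) }
}

# 2. Password hash sync: the Azure AD Connect sync account holds directory replication
#    rights on the domain root. Anyone else holding them can pull password hashes the
#    same way, so list every holder and compare against the expected sync account and DCs.
function Get-ReplicationRightHolders {
    $rightGuids = @{
        '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
        '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    }
    $domainDn = (Get-ADDomain).DistinguishedName
    $acl = Get-Acl -Path "AD:\$domainDn"      # AD: drive is provided by the module
    $acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $rightGuids.ContainsKey($_.ObjectType.ToString())
        } |
        ForEach-Object {
            [pscustomobject]@{
                Principal = $_.IdentityReference.Value
                Right     = $rightGuids[$_.ObjectType.ToString()]
                Inherited = $_.IsInherited
            }
        } | Sort-Object Principal, Right
}

Test-SeamlessSsoKeyAge | Format-List
Get-ReplicationRightHolders | Format-Table -AutoSize
```

Review the second list for any principal that is not a domain controller, the Azure AD Connect sync account, or an explicitly approved service; each unexpected entry is a password-hash-sync-equivalent path into Active Directory.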

Abstract

Most companies have moved into the cloud, yet on-premises applications and systems remain. This configuration is reasonably referred to as "hybrid": in the cloud and not, at the same time. Hybrid cloud requires integration and communication between the remaining on-prem infrastructure and the new(er) cloud services. This talk describes several scenarios that appear to subvert typical security and protections, involving federation configuration, Identity Access Management (IAM), and interaction between SaaS and IaaS in the Microsoft Cloud.
