Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited
In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. Often,...
In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. Often,...
The Orca Research Pod has discovered CosMiss, a vulnerability in Microsoft Azure Cosmos DB where authentication checks were missing from...
The Orca Research Pod has discovered FabriXss, a vulnerability in Azure Service Fabric Explorer
In the third part of the Orca Security blog post series about Azure AD and IAM, Roee shares research on...
Table of contentsWhat are managed identities?Getting a managed identity access tokenThe known privilege escalation methodMy research objectivesEscalation to managed identities’...
A short tutorial on Azure Active Directory (AD) & IAM to lay the the groundwork for future posts.