Tag: Azure
-

One Tool to Rule the Clouds: Auditing AWS, Azure, and Alibaba with Cloudtoolkit
cloudtoolkit: Interactive multi-cloud security assessment framework. Capability overview (columns: Providers, Payload, Supported). Alibaba Cloud: backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot. cloudlist: Getting Assets from Cloud Providers to augment Attack Surface Management efforts. ECS (Elastic Compute Service), OSS (Object Storage Service), RAM…
-

Stealing the Keys to the Cloud: SpecterBroker Unveils the Secrets of Windows Token Broker
SpecterBroker Advanced Windows authentication token extraction and decryption tool for red team operations and security research. SpecterBroker is a comprehensive post-exploitation tool designed for extracting and decrypting Windows authentication tokens from multiple sources. It targets the Windows Authentication Manager (WAM), Token Broker cache (TBRes), and related authentication subsystems to retrieve Access Tokens, Refresh Tokens, ID Tokens,…
-

Microsoft Unveils ‘Fairwater’: A Planet-Scale AI Superfactory for Trillion-Parameter Models
The artificial intelligence industry demands ever-greater computational power, and large-scale models no longer fit within traditional cloud platforms. In response, Microsoft is developing Fairwater, a new class of data-center infrastructure engineered for training neural networks at scales previously unattainable for commercial systems. The company has launched another node of this complex in Atlanta, linking it…
-

Microsoft Severs Partnership with Israel’s Unit 8200 After Azure Was Used for Mass Surveillance in Gaza
Microsoft has severed its partnership with Israel’s military intelligence unit Unit 8200, cutting off its access to the company’s cloud infrastructure and artificial intelligence services. The decision followed revelations that Microsoft’s technologies had been used for the mass interception of Palestinian phone calls in Gaza and the West Bank, in direct violation of Azure’s usage…
-

msInvader: New Tool Lets Blue Teams Stress-Test M365 and Azure Defenses with Real-World Attacks
msInvader is an adversary simulation tool designed for blue teams to simulate real-world attack techniques within M365 and Azure environments. By generating realistic attack telemetry, msInvader empowers detection engineers, SOC analysts, and threat hunters to assess, enhance, and strengthen their detection and response capabilities. msInvader supports simulating techniques in two common attack scenarios: a compromised…
-

Microsoft Averts Mass Cloud Takeover Due to Azure Flaw
Microsoft narrowly avoided a vulnerability that could have led to the mass compromise of its cloud customers: Dutch researcher Dirk-jan Mollema uncovered two interrelated flaws in the Entra ID identity management service (formerly Azure Active Directory), which, when combined, allowed an attacker to gain global administrator privileges and effectively seize control of any Azure tenant.…
-

MadeYouReset: A New HTTP/2 Flaw That Could Lead to DoS Attacks
A newly disclosed vulnerability in the HTTP/2 protocol, dubbed MadeYouReset (CVE-2025-8671), was revealed on August 13, 2025. The flaw allows an attacker to send specially crafted protocol frames that force the server to repeatedly reset streams within a single connection. This cycle of resets can result in excessive resource consumption and, in severe cases, lead…
-

How Storm-0501 is Pivoting to Cloud-Native Attacks
According to a report by Microsoft Threat Intelligence, the group Storm-0501 has shifted its focus from traditional on-premises ransomware campaigns to tactics centered on cloud services. Whereas in the past attackers deployed encryptors onto victims’ computers and servers, they now operate without conventional malware. By exploiting the built-in capabilities of cloud platforms, they rapidly exfiltrate…
-

Beyond Software: Microsoft Unveils Its Hardware-First Azure Security Strategy
For many years, Microsoft has built its cloud security strategy around hardware, and after a string of high-profile missteps, the company can no longer afford weak points. At the Hot Chips conference, Brian Kelly, Microsoft’s Partner in Security Architecture, detailed how Azure establishes multi-layered protection—from trusted execution environments embedded in processors to custom silicon for…
-

Nested App Authentication: Microsoft’s New Feature Is a Double-Edged Sword for Azure Security
Microsoft has introduced a new mechanism known as Nested App Authentication (NAA), which is steadily becoming a key component of the company’s cloud ecosystem. The concept is straightforward: if a user has already signed into one application, that application can act as a broker, issuing tokens that grant access to other services. This approach strengthens…
-

Microsoft Azure Used to Store Vast Trove of Palestinian Surveillance Data, Investigation Reveals
Israel’s military intelligence unit, Unit 8200—specializing in cyber-espionage and electronic surveillance—has been using Microsoft’s cloud servers to store a vast archive of data on residents of Gaza and the West Bank. This trove, leveraged in planning airstrikes and other military operations, includes audio recordings of millions of intercepted phone calls gathered through continuous monitoring of…
-

MSFTRecon: Unauthenticated Recon Tool for Microsoft 365 & Azure
MSFTRecon is a reconnaissance tool designed for red teamers and security professionals to map Microsoft 365 and Azure tenant infrastructure. It performs comprehensive enumeration without requiring authentication, helping identify potential security misconfigurations and attack vectors. MSFTRecon provides valuable insights for red teamers. Identity Attack Vectors: identifies authentication methods for targeted attacks; reveals potential password spray…
-
CVE-2023-36052: Microsoft Addresses Critical Azure Vulnerability
Microsoft has released a security update to address a critical vulnerability in the Azure CLI that could be exploited by attackers to recover plaintext passwords and usernames from log files created by the affected CLI commands. The vulnerability, tracked as CVE-2023-36052, enables unauthenticated attackers to remotely access plain text contents written by Azure CLI to…
-
Cloud services such as Azure are still the main source of Microsoft’s revenue
Microsoft earlier announced its results for the third quarter of fiscal year 2022, in which revenue reached $49.36 billion, an increase of 18% compared to the same period last year. The revenue of the Intelligent Cloud segment, including Azure, reached $19.05 billion, a year-on-year increase of 26%. At the same time, the revenue of cloud businesses…
-
Microsoft and NBA announce a long-term partnership to use Azure and Surface
Microsoft and the NBA (National Basketball Association) announced that the two sides have reached a long-term partnership, which will bring fans a better NBA experience. “We have a passion for innovating and improving the quality of our devices and services, and are especially excited about this opportunity to improve the…
