Showing Articles About
cloud
-
Calum Elrick Max Toper 
Leonidas Tsaousis - 15 Oct 2025
Entra Connect Exploitation in 2025: An Overview
Entra Connect is the bridge between Microsoft's on-prem and cloud worlds, synchronising Active Directory and Entra ID identities. As such, it has traditionally served as a high-value target for threat actors. Conversely, continuous imrpovements by Microsoft have drastically changed the attack surface, leading to confusion about which exploitation techniques are still relevant and which aren't. This post will aim to clarify and document the Entra Connect exploitation landscape in 2025, and what defenders need to know to stay ahead.
-
Christian Philipov - 3 Sep 2025
Staying Sneaky in the Office (365)
SharePoint APIs provide a default functionality which can be used to download files outside of trusted devices and IP addresses. Thus, bypassing assumptions regarding where sensitive documents can be accessed from and providing an avenue for an attacker to exfiltrate information
-
Thomas Byrne - 6 Aug 2025
Breaking Down Azure DevOps: Techniques for Extracting Pipeline Credentials
Workload Identity Federation - is it all it makes out to be? Does it *really* prevent attackers from extracting credentials from pipeline identities that use modern authentication technique?
-
Tom Taylor-MacLean - 30 Jul 2025
Elevating Attack Path Mapping to the Clouds
An introduction to Reversec's Cloud Attack Path Mapping (APM) service, looking at where it originated from, why it works and how it compares to other styles of testing. After looking at the current state of testing, consideration is given to how effective our future-looking service can be for both cloud-native and hybrid environments. Examples are given of previous success stories where interesting, and sometimes unusual, results have occurred!