Showing Articles About
cloud
-
Christian Philipov - 14 Apr 2026
It's Just a Matter of Time: Backdooring Conditional Access Policies
Conditional Access Policies are a core control in every modern Entra tenant to prevent access outside of expected access methods. A discovery was made on a little-known policy condition that would allow an administrator to define time-based restrictions on when a policy would be evaluated or not. In the event that a sufficiently privileged administrator user was compromised, this capability could allow threat actors to effectively "disable" policies while still seemingly being marked as enabled in the portal.
-
Aleksi Kallio - 30 Mar 2026
Unexpected Routing Behaviour in AWS with VPC Peering and NAT Gateway
Reversec identified unexpected routing behaviour in AWS with configurations involving NAT gateways and VPC peering connections
-
Calum Elrick Max Toper 
Leonidas Tsaousis - 15 Oct 2025
Entra Connect Exploitation in 2025: An Overview
Entra Connect is the bridge between Microsoft's on-prem and cloud worlds, synchronising Active Directory and Entra ID identities. As such, it has traditionally served as a high-value target for threat actors. Conversely, continuous imrpovements by Microsoft have drastically changed the attack surface, leading to confusion about which exploitation techniques are still relevant and which aren't. This post will aim to clarify and document the Entra Connect exploitation landscape in 2025, and what defenders need to know to stay ahead.
- Christian Philipov
- 3 Sep 2025
Staying Sneaky in the Office (365)
SharePoint APIs provide a default functionality which can be used to download files outside of trusted devices and IP addresses. Thus, bypassing assumptions regarding where sensitive documents can be accessed from and providing an avenue for an attacker to exfiltrate information
-
Thomas Byrne - 6 Aug 2025
Breaking Down Azure DevOps: Techniques for Extracting Pipeline Credentials
Workload Identity Federation - is it all it makes out to be? Does it *really* prevent attackers from extracting credentials from pipeline identities that use modern authentication technique?
-
Tom Taylor-MacLean - 30 Jul 2025
Elevating Attack Path Mapping to the Clouds
An introduction to Reversec's Cloud Attack Path Mapping (APM) service, looking at where it originated from, why it works and how it compares to other styles of testing. After looking at the current state of testing, consideration is given to how effective our future-looking service can be for both cloud-native and hybrid environments. Examples are given of previous success stories where interesting, and sometimes unusual, results have occurred!