Showing Posts About

Cloud

Staying Sneaky in the Office (365)

SharePoint APIs provide a default functionality which can be used to download files outside of trusted devices and IP addresses. Thus, bypassing assumptions regarding where sensitive documents can be accessed from and providing an avenue for an attacker to exfiltrate information

Breaking Down Azure DevOps: Techniques for Extracting Pipeline Credentials

Workload Identity Federation - is it all it makes out to be? Does it *really* prevent attackers from extracting credentials from pipeline identities that use modern authentication technique?

Elevating Attack Path Mapping to the Clouds

An introduction to Reversec's Cloud Attack Path Mapping (APM) service, looking at where it originated from, why it works and how it compares to other styles of testing. After looking at the current state of testing, consideration is given to how effective our future-looking service can be for both cloud-native and hybrid environments. Examples are given of previous success stories where interesting, and sometimes unusual, results have occurred!