Showing Posts About

Matthew lucas

Detecting Attacks against Azure DevOps

This article explores detection opportunities for attacks against Azure DevOps, focusing on telemetry sources and logging limitations. It details how malicious actors can exploit Azure AD applications, steal Personal Access Tokens (PAT), and compromise DevOps pipelines. The research emphasizes the importance of multi-source logging and contextual analysis to detect sophisticated DevOps security incidents.

Performing and Preventing Attacks on Azure Cloud Environments through Azure DevOps

This article explores potential attack paths in Azure DevOps by demonstrating how an unprivileged user can compromise cloud environments. The attack scenario involves phishing a Personal Access Token (PAT) to gain access to Azure DevOps repositories and pipelines. By manipulating pipeline code, an attacker can exfiltrate Service Principal credentials and gain unauthorized access to Azure cloud resources.