Image: Attack matrix for Kubernetes, with columns Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, and Impact.

Attack matrix for Kubernetes

Kubernetes, the most popular container orchestration system and one of the fastest-growing projects in the history of open source, becomes a significant part of many companies’ compute stack. The flexibility and scalability of containers encourage many developers to move their ... continue reading

Extending the power of Azure AI to Microsoft 365 users

Today, Yusuf Mehdi, Corporate Vice President of Modern Life and Devices, announced the availability of new Microsoft 365 Personal and Family subscriptions. In his blog, he shared a few examples of how Microsoft 365 is innovating to deliver experiences powered ... continue reading

IIS Best Practices

It has been almost eight years since I first wrote a blog on IIS best practices. During this time, several new versions of IIS have arrived, some reached end of lifecycle; we were introduced to a new development platform called .NET ... continue reading

Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks

Gaining kernel privileges by taking advantage of legitimate but vulnerable kernel drivers has become an established tool of choice for advanced adversaries. Multiple malware attacks, including RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, and campaigns by the threat actor STRONTIUM, have ... continue reading

How to Implement Center for Internet Security (CIS) recommendations for Azure

In the big wide world of security, it can be hard to know what Azure resource settings give you the best possible security posture. Organisations like the USA-based National Institute of Standards and Technology and the Center for Internet Security ... continue reading

Windows Admin Center and Azure VM Deployment: You Got Chocolate in my Peanut Butter!

Hi folks, Ned Pyle here to detail Windows Admin Center’s new ability to create hybrid workload Azure VMs on the fly, a great time saver option for customers. This is available right now if you download build 1910 ... continue reading

Power your Azure GPU workstations with flexible GPU partitioning

Today we're sharing the general availability of NVv4 virtual machines in South Central US, East US, and West Europe regions, with additional regions planned in the coming months. With NVv4, Azure is the first public cloud to offer GPU partitioning ... continue reading

New tools to block legacy authentication in your organization

Hey folks, If you’re a regular reader of this blog series, you know we’ve been advocating for admins to enable multi-factor authentication (MFA) for a while. In one of my previous posts, Your Pa$$word doesn’t matter, I showed how vulnerable ... continue reading

Sync Mobile Apps with Azure using Change Tracking API

If you are creating a mobile app that will work sending data back and forth from the cloud (I guess that 99% of the apps fall into this use case), you will have at some point the need to sync ... continue reading

Secure access to your API server using authorized IP ranges in AKS

In Kubernetes, the API server is the central way to interact with and manage the cluster. To improve cluster security in Azure Kubernetes Service, Ruchika Gupta shows Scott Hanselman how you can restrict access to the API server to a limited ... continue reading