Lightnews — Scholar-powered news

Karl Fosaaen @kfosaaen.bsky.social · Jul 24

Cody really did all the heavy lifting here with figuring out the decryption. I just automated that process into a tool. Make sure to read his blog on that process - dazesecurity.io/blog/abusing...

Continuous Testing

dazesecurity.io

Automating Azure App Services Token Decryption | Tech Blog - NetSPI

Karl Fosaaen @kfosaaen.bsky.social · Jul 24

Building off of @codyburkard.com's prior work, I put together a tool for automating the decryption of Entra ID application tokens from Azure App Services resources.
Here's a blog that outlines the tooling:
www.netspi.com/blog/technic...

Discover how to decrypt Azure App Services authentication tokens automatically using MicroBurst’s tooling to extract encrypted tokens for security testing.

Set Sail: Remote Code Execution in SailPoint IQService via Default Encryption Key

Karl Fosaaen @kfosaaen.bsky.social · Jul 18

I'm very excited to share that Thomas Elling and I will be presenting "We Know What You Did (in Azure) Last Summer" at the DEF CON @cloudvillage-dc.bsky.social this year (Friday - 10 AM). We will go over some techniques that can be used to find the owners of multiple types of Azure resources.

2 5

Reposted by Karl Fosaaen

NetSPI @netspi.bsky.social · Jul 8

NetSPI Principal Security Consultant Jason Juntunen recently published findings on a Remote Code Execution vulnerability in SailPoint's IQService component.

👉 Read the full technical breakdown: ow.ly/GbT150WmgRg

#proactivesecurity #VulnerabilityResearch

NetSPI discovered a remote code execution vulnerability in SailPoint IQService using default encryption keys. Exploit details, discovery methods, and remediation guidance included.

MicroBurst/Az/Get-AzLoadTestingData.ps1 at master · NetSPI/MicroBurst

2 1

Karl Fosaaen @kfosaaen.bsky.social · Jul 1

New Function (Get-AzLoadTestingData) was also added to MicroBurst to automate this attack
github.com/NetSPI/Micro...

A collection of scripts for assessing Microsoft Azure security - NetSPI/MicroBurst

Karl Fosaaen @kfosaaen.bsky.social · Jul 1

TL;DR
The service allows you to run JMeter load tests.
It supports Managed Identities and Key Vaults.
You can get code execution on the service to extract tokens, vault secrets and certs

Extracting Sensitive Information from Azure Load Testing

Karl Fosaaen @kfosaaen.bsky.social · Jul 1

I have a new post out on the @netspi.bsky.social blog today. This one is on extracting sensitive information from the Azure Load Testing service. www.netspi.com/blog/technic...

Learn how Azure Load Testing's JMeter JMX and Locust support enables code execution, metadata queries, reverse shells, and Key Vault secret extraction vulnerabilities.

Chris Krebs kicked off CBP’s Global Entry program | CNN Politics

1 2 3

Reposted by Karl Fosaaen

Scott Sutherland @nullbind.bsky.social · Apr 2

I had a great time at #socon2025! Big thanks to the SpecterOps crew for hosting. Slides for my "Hunting SMB Shares" talk are below for those who are interested.

Slides
github.com/NetSPI/Power...

PowerHuntShares
github.com/NetSPI/Power...

2 3

Reposted by Karl Fosaaen

Katie Moussouris (she/her/she-hulk/she-ra)🌻 @k8em0.bsky.social · May 1

If you’re on the fence about signing on to that @eff.org letter to support @thekrebscycle.bsky.social , please consider doing it sooner rather than later.

Don’t wait until there’s no one left to speak for you. #RSAC2025

www.cnn.com/2025/04/30/p...

Chris Krebs’, President Donald Trump’s former director of the Cybersecurity and Infrastructure Security Agency, membership in Global Entry has been revoked. Krebs, who has repeatedly attested to the s...

www.cnn.com

2 25 59

Karl Fosaaen @kfosaaen.bsky.social · Feb 27

If anyone wants to help out on a (hopefully) easy update for some functions in MicroBurst, we will need to make some adjustments for "Get-AzAccessToken" token output switching to a SecureString in Az PS 14.0.0
github.com/NetSPI/Micro...

Changes to Get-AzAccessToken token output (String to SecureString) · Issue #46 · NetSPI/MicroBurst

The Get-AzAccessToken cmdlet token output will be switching to a SecureString in version 14.0.0. There are currently several MicroBurst functions that make use of this cmdlet to get tokens. We will...

Hijacking Azure Machine Learning Notebooks (via Storage Accounts)

Karl Fosaaen @kfosaaen.bsky.social · Feb 11

Quick addition to Get-AzPasswords in MicroBurst - Azure OpenAI keys

This new section will dump any available OpenAI keys from Cognitive Services deployments that your user has list key permissions on.

github.com/NetSPI/Micro...

5

Karl Fosaaen @kfosaaen.bsky.social · Jan 8

And here's a link to the blog - www.netspi.com/blog/technic...

Abusing Storage Account Permissions to attack Azure Machine Learning notebooks

Karl Fosaaen @kfosaaen.bsky.social · Jan 8

The tooling was inspired by the research in this talk by Aled Mehta and Christian Philipov - "[D24] Smoke and Mirrors: How to hide in Microsoft Azure" - www.youtube.com/watch?v=uvoV...

MicroBurst/Az/Get-AzMachineLearningCredentials.ps1 at master · NetSPI/MicroBurst

Karl Fosaaen @kfosaaen.bsky.social · Jan 8

In addition to the blog out today, there's a new tool in MicroBurst - Get-AzMachineLearningCredentials
This one has been in the works for a while, but it's a tool to dump the credentials that are stored by the Azure Machine Learning service. github.com/NetSPI/Micro...

A collection of scripts for assessing Microsoft Azure security - NetSPI/MicroBurst

Hijacking Azure Machine Learning Notebooks (via Storage Accounts)

1 3 5

Karl Fosaaen @kfosaaen.bsky.social · Jan 8

New
@netspi.bsky.social
blog out today on "Hijacking Azure Machine Learning Notebooks (via Storage Accounts)". This is very similar to Storage Account attacks that have been done against Function/Logic Apps and Cloud Shell - www.netspi.com/blog/technic...

Abusing Storage Account Permissions to attack Azure Machine Learning notebooks

Balancing Security and Usability of Large Language Models: An LLM Benchmarking Framework

Karl Fosaaen @kfosaaen.bsky.social · Dec 30

A big thank you to MSRC for the 2024 MVR merch! This is a nice way to wrap up the year.

2

Reposted by Karl Fosaaen

NetSPI @netspi.bsky.social · Dec 16

Balancing usability and security in deployments introduce new and unfamiliar risks to organizations. NetSPI created an open Large Language Model (LLM) framework to help clarify some ambiguity around LLM security.

Read more about this framework in our most recent article: ow.ly/Nhjs50Usaio

Explore the integration of Large Language Models (LLMs) in critical systems and the balance between security and usability with a new LLM benchmarking framework.

GitHub - NetSPI/Open-LLM-Security-Benchmark

Reposted by Karl Fosaaen

NetSPI @netspi.bsky.social · Dec 17

What happens when you prioritize security over usability in AI models—or vice versa? Our Open LLM Security Benchmark dives deep into the trade-offs and implications, showcasing why this balance is critical for the future of AI. Access the paper here: ow.ly/zT2g50UsaZH

Contribute to NetSPI/Open-LLM-Security-Benchmark development by creating an account on GitHub.

ow.ly

1 1

Karl Fosaaen @kfosaaen.bsky.social · Dec 16

This is some really exciting work from our team. Make sure to check out the benchmark repo on GitHub -https://github.com/NetSPI/Open-LLM-Security-Benchmark/tree/main

NetSPI @netspi.bsky.social · Dec 16

Balancing usability and security in deployments introduce new and unfamiliar risks to organizations. NetSPI created an open Large Language Model (LLM) framework to help clarify some ambiguity around LLM security.

Read more about this framework in our most recent article: ow.ly/Nhjs50Usaio

Balancing Security and Usability of Large Language Models: An LLM Benchmarking Framework

Explore the integration of Large Language Models (LLMs) in critical systems and the balance between security and usability with a new LLM benchmarking framework.