Cody Burkard
@codyburkard.com
This was a fun one to dig into.
Ever wonder how Azure Easy Auth really works, and how to break it?
Turns out it's pretty easy, and it may be abusable for priv esc and lateral movement:
dazesecurity.io/blog/abusing...
Ever wonder how Azure Easy Auth really works, and how to break it?
Turns out it's pretty easy, and it may be abusable for priv esc and lateral movement:
dazesecurity.io/blog/abusing...
Continuous Testing
dazesecurity.io
May 26, 2025 at 10:32 AM
This was a fun one to dig into.
Ever wonder how Azure Easy Auth really works, and how to break it?
Turns out it's pretty easy, and it may be abusable for priv esc and lateral movement:
dazesecurity.io/blog/abusing...
Ever wonder how Azure Easy Auth really works, and how to break it?
Turns out it's pretty easy, and it may be abusable for priv esc and lateral movement:
dazesecurity.io/blog/abusing...
Looking forward to posting this one. I'm guessing it's another "by design", In which case all you Azure Security folks should stay tuned
November 27, 2024 at 8:11 PM
Looking forward to posting this one. I'm guessing it's another "by design", In which case all you Azure Security folks should stay tuned
Are you an Azure Pentester looking for new lateral movement techniques?
Take a look at my blog post about abusing Data Factory to steal secrets and tokens.
Thanks @karimscloud.bsky.social for the inspiration to look into this.
codyburkard.com/abusingselfh...
Take a look at my blog post about abusing Data Factory to steal secrets and tokens.
Thanks @karimscloud.bsky.social for the inspiration to look into this.
codyburkard.com/abusingselfh...
November 25, 2024 at 9:17 AM
Are you an Azure Pentester looking for new lateral movement techniques?
Take a look at my blog post about abusing Data Factory to steal secrets and tokens.
Thanks @karimscloud.bsky.social for the inspiration to look into this.
codyburkard.com/abusingselfh...
Take a look at my blog post about abusing Data Factory to steal secrets and tokens.
Thanks @karimscloud.bsky.social for the inspiration to look into this.
codyburkard.com/abusingselfh...
Hello BlueSky World :)
I am an Azure Security researcher living in Norway. I research attack techniques against Entra, Azure, and applications built in Azure.
You can find my blog at codyburkard.com
I am an Azure Security researcher living in Norway. I research attack techniques against Entra, Azure, and applications built in Azure.
You can find my blog at codyburkard.com
Rainy Days Security Blog
codyburkard.com
November 22, 2024 at 6:46 PM
Hello BlueSky World :)
I am an Azure Security researcher living in Norway. I research attack techniques against Entra, Azure, and applications built in Azure.
You can find my blog at codyburkard.com
I am an Azure Security researcher living in Norway. I research attack techniques against Entra, Azure, and applications built in Azure.
You can find my blog at codyburkard.com