A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Raindance: Raining Recon from the Microsoft Cloud - Michael Stringer BSides Cleveland 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Raindance: Raining Recon from the Microsoft Cloud
Michael Stringer

@TRUExDEMON

This talk will focus on using targeted organization's own cloud infrastructure against it in order to gather actionable intelligence against it. The Microsoft Cloud in particular holds a vast amount of information that can be gathered with automated tools thanks to the built-in APIs and Powershell libraries. Access to the cloud must be obtained through an authenticated session, but does not require a domain joined machine, only user-based access. A thorough description and catalog of the information that can be found in the cloud will be given, along with a simple, user-friendly tool for gathering it with ease. This talk will also describe a handful of scenarios where this information can be used to carry out further attacks, perform internal phishing, and abuse built-in features to eventually pop shell without launching a single exploit.

I'm a passionate hacker and tech geek that has been playing with computers since my first Windows 98 machine I built in 2000. Generally speaking, I just enjoy computers and hacking. They're my favorite things to play with, teach and talk about. I started in the information security field around 2012 and spent a long career in various IT roles working towards becoming a penetration tester. I've since gotten that chance after coming on board with SecureState in the beginning of 2017 and have been free to pursue my personal goals of tool and exploit development, malware research, and other cool stuff like that. I've been doing digital forensics, a bit of coding, penetration testing, and consulting for the past five years and even have done some writing. I have one published book, The Hacker Ethos, which I self-published under my handle in 2015.


Back to BSides Cleveland 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast