Part 1-Azure Console Pivoting 101 | Steve BoroshJoin us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going! ///Part 2: https://youtu.be/0Iv3Ln5sJrg As more enterprises move their infrastructure to cloud services, the security perimeter continues to extend beyond the traditional firewall or DMZ. In this webcast, Steve will demonstrate the abilities and benefits of pivoting your traffic through Microsoft Azure Cloud Shell during your offensive engagements to achieve maximum success! ///Chapters 00:00 - Begin Part 1-Azure Console Pivoting 101 01:32 - Azure Console Quick Overview 04:38 - Cloudshell Phishes 07:08 - Internal Azure Space 07:42 - Curl For Public IP Address 08:20 - Tenant To Tenant Communication 09:13 - Web Server Hosting Preview 09:33 - Device Code Log On 10:32 - IP Address Info 11:22 - Connect to VMs From Target Cloud Shell 12:13 - Reverse SSH Tunnel 14:43 - Running Tools On the Target 18:04 - Remote Desktop Into Host 19:21 - SQL Services 22:06 - SQL Database Server ///SCShell https://github.com/Mr-Un1k0d3r/SCShell Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Active Countermeasures YouTube: https://youtube.com/activecountermeasures Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/www.youtube.comPart 2-Azure Console Pivoting 101 | Steve BoroshJoin us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going! ///Part 1: https://youtu.be/GmPafiEey-I As more enterprises move their infrastructure to cloud services, the security perimeter continues to extend beyond the traditional firewall or DMZ. In this webcast, Steve will demonstrate the abilities and benefits of pivoting your traffic through Microsoft Azure Cloud Shell during your offensive engagements to achieve maximum success! ///Chapters 00:00 - Begin Part 2-Azure Console Pivoting 101 00:15 - Azure VM to Cloudshell 01:57 - DBeaver 03:19 - Spoofing Microsoft 365 Like it’s 1995 04:53 - Microsoft Direct Send 11:05 - Closing Recap 12:44 - Questions With Hackerman Savage 13:49 - Q: What’s Steve’s Powershell Terminal Setup? 14:32 - Q; Email Spoofing the CEO? 15:27 - Q: Quick Tenant Creation Recommendations? 16:55 - Q: What if There’s No Outlook on the Domain? 18:02 - Q: How Can the SOC Detect? 19:28 - Q: Conditional Identity Access? 21:24 - Final Thoughts Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Active Countermeasures YouTube: https://youtube.com/activecountermeasures Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/www.youtube.com