Attacking and Defending Azure with BloodHound | Andy Robbins | WWHF San Diego 2022

Attend Wild West Hackin' Fest (WWHF) in Deadwood, In-Person and Virtual!
https://wildwesthackinfest.com/deadwood/


There’s no two ways about it: Azure is a confusing and complex collection of intertwined systems. Finding attack paths in Azure by hand is a frustrating, slow, and tedious process. Defending Azure against those same attack paths is almost impossible with the built-in tooling provided by Microsoft.
In this talk, I will demonstrate how to use BloodHound to find and analyze attack paths into, out of, and within the various Azure services, including Azure Active Directory and Azure Resource Manager. I’ll demonstrate some of the more interesting and common attack primitives you may find, and I’ll show how defenders can use the free and open source version of BloodHound to find and eliminate the most dangerous attack paths.


Andy Robbins (@_wald0) is one of the co-creators of BloodHound and is the Product Architect of BloodHound Enterprise at SpecterOps. Andy’s background is in red teaming and pentesting. Andy has written about Azure attack primitives on the SpecterOps blog, and spoken at and given training at conferences on Active Directory security.