@ppetryszen Unfortunately, the only way to verify these roles is to review them one by one. The role names are misleading, and the documentation is not reliable here because Microsoft does not provide clear information for this case. There are likely many others like this...
Just published new research on Azure File Sync. I found that the built-in Azure File Sync Administrator role can grant more power than expected, opening a path to privilege escalation and sensitive file access. https://t.co/Ull2mr3gB7
Weak ACLs in AD and misconfigured dynamic groups in Azure AD are not new vulnerabilities. But when they intersect in a hybrid environment, they create a powerful, and often overlooked, attack path. You can read my article here. 🫡 https://t.co/tpWokkBDBd
@G0ldenGunSec Excellent article. Just a quick note. The GPO abuse in Azure Arc (DPAPI + decoded secrets) was originally discovered by me about two years ago. I’d appreciate it if you could link to the original article for that specific section. https://t.co/t1mero71C3
I was at @BSidesZagreb last week. I gave a talk on Privilege Escalation in Azure Machine Learning. If you're interested, check out this article on the topic. Plus, there are two scripts in MicroBuster that you can use for enumeration. 🙂
https://t.co/debXVMJR3h
In my latest research article, I take a close look at the weaknesses within Azure Application Proxy, demonstrating how impersonating the connector can enable traffic hijacking from outside the infrastructure.
https://t.co/a7jx0u9baq
During my exploration of Azure Arc, I noticed that the Azure Arc Management Tool can be used to coerce NTLM authentication. The interesting part is that all the other options require local administrator permissions—except for this one. 🤔 https://t.co/jbyn5BsoPR
@fabian_bader @kfosaaen While I'm not sure how common this is in real-world environments, it's possible, especially considering that many system administrators may not be very familiar with Azure Arc. Therefore, the impact depends on the RBAC assigned to that SP.
@fabian_bader @kfosaaen This situation highlights a scenario where a system administrator might use a single SP for all tasks, including managing Azure and onboarding new machines.
@fabian_bader @kfosaaen Yes, that’s correct. If you only have the onboarding role, you can only add new machines to Azure Arc. With the Azure Connected Machine Resource Administrator role, you have full control.
Finally, I achieved my first Microsoft CVE! (And maybe the last one. 🤣)
https://t.co/E8EAyw6f9k
This is also a zero-day for which I received a substantial four-figure bounty, the largest reward I've ever got. So, I was quite surprised.
#AzureCycleCloud #CVE
I am excited to announce that I will be presenting a new attack technique in Azure Arc that I discovered, at BSides Leeds. In this talk, I will discuss a recent security flaw that enables bad actors within a corporate environment to gain control over a service principal account.
To all my fellow pen testing buddies out there, this meme is dedicated to the unlucky soul who started an engagement, only to face a server that took a 24-hour nap or developers who removed functionality from the web app to avoid being tested. It can be f… https://t.co/tKVDGG9dKC