The Azure Metadata Protection You Didn’t Know Was There
Some Azure services have an additional, not widely known, protection mechanism against session token exfiltration
Uncovering 3 Azure API Management Vulnerabilities – When Good APIs Go Bad
Learn how now-patched Azure API Management service vulnerabilities revealed by the Ermetic research team enabled malicious actions
EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.
Ermetic’s research team discovered a remote code execution vulnerability affecting services such as Function Apps, App Service and Logic Apps on Azure cloud and other cloud sovereigns.
A Caveat for Azure VM Public IP Configuration
If you’re not familiar enough with the SKU attribute of the Azure public IP address, you may think you’re configuring VMs as public to the internet... but aren’t.
Public Network Access to Azure Resources Is Too Easy to Configure
For some types of Microsoft Azure resources and subnets, it’s extremely easy to configure what is essentially public network access. We describe here some examples and how to reduce such risks.
Access Keys: An Unintended Backdoor-by-Design to Azure Storage Accounts Data
The importance of understanding the assignments of Azure resource roles when giving permissions.
The ABCs of Azure Identity Governance Tools
The main Azure mechanisms for governing identities and providing access permissions.
Deconstructing Azure Access Management using RBAC
The basics of Azure RBAC -- the main mechanism in Azure for granting permissions to resources.