Håkon and Karim have worked with various Azure environments and have discovered a common attack path between GitHub and Azure caused by misconfigured federation settings.
They will show in detail how an attacker can Hijack Azure Straight from GitHub, and how you can protect against it.
In this presentation they will show how attackers can enumerate and abuse this weakness to move from code repositories to cloud infrastructure.
To help organizations identify this risk, they will be releasing an open-source tool for defensive and offensive security teams at HackCon. You can then take this tool, check whether your Azure environment is vulnerable, and close the vulnerabilities as quickly as possible before an attacker gains a foothold in your organization.
This session will be held by Karim El-Melhaoui and Håkon Nikolai Stange Sørum.
Karim is a seasoned and renowned thought leader within cloud security. At O3 Cyber, he conducts research and development. Karim has a background in building and operating platform services for security on private and public clouds, developing and executing a cyber security strategy for the world’s largest sovereign wealth fund, and overseeing the execution of adapting a traditional security organization to a "cloud operating model".
This is a must-see lecture if you use Azure!