In this episode, Ashish sits down with Christian Philipov, Principal Security Consultant at WithSecure, to explore the stealth tactics threat actors are using in Azure and why many of these go undetected.
Christian breaks down the lesser-known APIs like Ibiza and PIM, how Microsoft Graph differs from legacy APIs, and what this means for defenders.
Guest Socials: Christian's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast
Questions asked:
(00:00) Introduction
(02:09) A bit about Christian
(02:39) What is considered stealthy in Azure?
(04:39) Which services are stealthy in Azure?
(06:25) PIM and Ibiza API
(12:53) The role of Defender for Cloud
(18:04) Does the Stealthy API approach scale?
(19:26) Preventing Stealthy API attacks
(21:49) Best Practices for Prevention in Azure
(25:47) Behaviour Analysis in Azure
(29:31) The Fun Section
Resources spoken about during the interview:
Christian's fwd:cloudsec talk - Staying Sneaky in Microsoft Azure
