Sign up to save your podcasts
Or
Share How Attackers Stay Hidden Inside Your Azure Cloud
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
How Attackers Stay Hidden Inside Your Azure Cloud
In this episode, Ashish sits down with Christian Philipov, Principal Security Consultant at WithSecure, to explore the stealth tactics threat actors are using in Azure and why many of these go undetected.
Christian breaks down the lesser-known APIs like Ibiza and PIM, how Microsoft Graph differs from legacy APIs, and what this means for defenders.
- The 3 common ways attackers stay stealthy in Azure
- Why read-only enumeration activity often isn’t logged
- What detection is possible and how to improve it
- How conditional access and logging configuration can help defenders
- Why understanding Microsoft Graph matters for security ops
Guest Socials: Christian's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
-Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast
Questions asked:
(00:00) Introduction
(02:09) A bit about Christian
(02:39) What is considered stealthy in Azure?
(04:39) Which services are stealthy in Azure?
(06:25) PIM and Ibiza API
(12:53) The role of Defender for Cloud
(18:04) Does the Stealthy API approach scale?
(19:26) Preventing Stealthy API attacks
(21:49) Best Practices for Prevention in Azure
(25:47) Behaviour Analysis in Azure
(29:31) The Fun Section
Resources spoken about during the interview:
Christian's fwd:cloudsec talk - Staying Sneaky in Microsoft Azure
Christian's Disobey Talk
View all episodes
By Cloud Security Podcast Team
5
5656 ratings
In this episode, Ashish sits down with Christian Philipov, Principal Security Consultant at WithSecure, to explore the stealth tactics threat actors are using in Azure and why many of these go undetected.
Christian breaks down the lesser-known APIs like Ibiza and PIM, how Microsoft Graph differs from legacy APIs, and what this means for defenders.
- The 3 common ways attackers stay stealthy in Azure
- Why read-only enumeration activity often isn’t logged
- What detection is possible and how to improve it
- How conditional access and logging configuration can help defenders
- Why understanding Microsoft Graph matters for security ops
Guest Socials: Christian's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
-Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast
Questions asked:
(00:00) Introduction
(02:09) A bit about Christian
(02:39) What is considered stealthy in Azure?
(04:39) Which services are stealthy in Azure?
(06:25) PIM and Ibiza API
(12:53) The role of Defender for Cloud
(18:04) Does the Stealthy API approach scale?
(19:26) Preventing Stealthy API attacks
(21:49) Best Practices for Prevention in Azure
(25:47) Behaviour Analysis in Azure
(29:31) The Fun Section
Resources spoken about during the interview:
Christian's fwd:cloudsec talk - Staying Sneaky in Microsoft Azure
Christian's Disobey Talk
More shows like Cloud Security Podcast
View all
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
The Cloudcast
152 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
363 Listeners
CyberWire Daily
1,004 Listeners
AWS Podcast
203 Listeners
Darknet Diaries
7,883 Listeners
Cybersecurity Today
169 Listeners
Kubernetes Podcast from Google
181 Listeners
CISO Series Podcast
187 Listeners
Practical AI
189 Listeners
Defense in Depth
77 Listeners
Cyber Security Headlines
129 Listeners
Cloud Security Podcast by Google
39 Listeners
Risky Bulletin
33 Listeners