In this episode, Ashish sits down with Christian Philipov, Principal Security Consultant at WithSecure, to explore the stealth tactics threat actors are using in Azure and why many of these go undetected.
Christian breaks down the lesser-known APIs like Ibiza and PIM, how Microsoft Graph differs from legacy APIs, and what this means for defenders.
- The 3 common ways attackers stay stealthy in Azure
- Why read-only enumeration activity often isn’t logged
- What detection is possible and how to improve it
- How conditional access and logging configuration can help defenders
- Why understanding Microsoft Graph matters for security ops
Guest Socials: Christian's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast
Questions asked:
(00:00) Introduction
(02:09) A bit about Christian
(02:39) What is considered stealthy in Azure?
(04:39) Which services are stealthy in Azure?
(06:25) PIM and Ibiza API
(12:53) The role of Defender for Cloud
(18:04) Does the Stealthy API approach scale?
(19:26) Preventing Stealthy API attacks
(21:49) Best Practices for Prevention in Azure
(25:47) Behaviour Analysis in Azure
(29:31) The Fun Section
Resources spoken about during the interview:
Christian's fwd:cloudsec talk - Staying Sneaky in Microsoft Azure
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.