SlideShare a Scribd company logo
1 of 28
7 Dangerous Ways To
Cyberattack Azure
By Abdul khan
Author
• Abdul Khan
• IT Consultant based in Manchester, UK
• Engineering Lead, Executive, Technologist, Architect
• IT experience, within the private and public sectors (Retail, Banking, Digital, Insurance, M.O.D., HMRC, Aviation, Telecommunication,
Housing Associations, Education, Travel, and Pharmaceutical companies). Excellent architectural and strong DevOps experience with
proven-track record of delivering E2E, B2B and B2C solution on regional and global programs.
• SME in specializing in providing integration, data migration, digital transformations to the cloud solutions (Azure and AWS)
• Wealth of experience in global projects across EMEA, ASPAC and LATAM
• Liked in profile https://www.linkedin.com/in/abdul-khan-uk/
Accreditations
Thank you to my brother, good friends and colleagues for reviewing, adding value, sharing their vast experience
and knowledge.
• Samad Khan (IT Manager), specialising in enterprise solution in finance and wealth Management
• Steve Lampton (IT Consultant, Cloud SME) specialising in NetOps, DevOps and SecOps
Audience
Main Audience
• The top cyberthreats may find a wider group of potential stakeholders who are interested in
understanding the threat landscape in general or deepen their understanding to cover particular
threats.
• This document for decision makers, security architects, risk managers, auditors and end-users
who wish to be informed about the where-about of various cyberthreats may find this material
useful.
Assumptions
• Reader has some knowledge of cloud platforms technologies.
Content
1.0 Think Like A Hacker
1.1 Introduction
1.2 Hacker Perspective
1.3 The Top Most Dangerous Cyberattacks
1.4 Account Storage – Architecture
1.5 Account Storage – Storage Stamp
3.0 Final Thoughts
3.1 Considerations & Best Practices
2.0 Cyberattacks and Countermeasures
2.1 Attack01 – Access using account keys
2.2 Attack02 – Ransomware attack and encryption
2.3 Attack03 – Attack VMs and Disks
2.4 Attack04 – Storage Tampering attack
2.5 Attack05 – A Phishing attack
2.6 Attack06 – Attack to Blob and resource using anonymous access
2.7 Attack07 – Attacks To The Public and Private IP Addresses in Azure
1.0 Think Like
A Hacker…
“everything and anything is hackable and vulnerable in some ways”
1.1 Introduction
• Microsoft Azure offers many types of tool and technology to manage and handle threats and
security. This can be from the classical firewall, encryption, network security group, MOMS,
Security Centre, Audit Logging, GDPR and much more.
• To identify the most important risks and threats and how to manage them we need to choose the
right platform that provides the best features and tools.
• In Cloud, any resources can be linked with security or related to hacking and should be assessed
for vulnerabilities. Therefore, few basic questions that should always be asked :-
• Is the functionality secure or vulnerable?
• If yes, how can it be exploited and how much damage could it cause?
1.2 Hacker Perspective (1/2)
• From a hacker perspective, a DNS provides very important data, this includes :
• The Account name is extremely important because it is used by Azure to locate the
primary storage cluster and the datacentre where the storage is located, all the
requests for this account are directed to this location, an application can use a
different account for different locations.
• The Partition name identifies the storage node of the cluster and it is used to scale-
out access to the data, the ObjectName is the specific object in the partition, the
transactions are atomic and managed across the different objects inside the same
PartitionName.
1.2 Hacker Perspective (2/2)
• The Account Storage architecture has been organized to provide the maximum
capacity and scaling, the let see the most important components and how it works.
• The Storage Stamp is a cluster of N racks of storage nodes, and each rack is a
separate fault domain, the challenge is to maintain the storage provisioned in
production as highly utilized as possible if a rack reach lower then 70% the account is
migrated in another rack
• The Location Service manages the account namespace across all stamps and all the
storage stamps, it is also responsible for disaster recovery and load balancing, the LS
updates the DNS and allow the requests from the name
https://AccountName.service.core.windows.net to that storage stamp’s virtual IP
(VIP, an IP address the storage stamp exposes for external traffic).
1.3 The Top Most Dangerous Cyberattacks (1/2)
• There are three most essential areas in Microsoft Azure, RBAC, Storage and
Networking, everything in Azure depends on these three main pillars, and
considering these areas. The 3 topmost dangerous cyberattacks, below the TOP
Parade:
• Privilege escalation to Azure PIM and the Global Admin Account;
• Ransomware Attack;
• Attack to the public and private IP addresses;
• All these attacks are extremely dangerous and effective. However, the privilege
escalation is the most dangerous because it can escalate a top-level, which
means no more control in the entire cloud and company.
• Internal attacks are much more dangerous and effective than the externals, and
companies often underestimate that. Cloud is more secure than on-premise, we
can rely on a much more solid infrastructure but we know cloud has weaknesses.
1.3 The Top Most Dangerous Cyberattacks (2/2)
• RBAC is used to provide access to the storage account to a specific user. Hacker use this
approach to obtain access storage accounts. This is a classic method used to manage
the storage account by people through the Azure Portal.
• There are 3 major areas of Azure, also these are the weak points, most critical and
vulnerable areas for hackers to exploit, they are:-
• Authentication and Authorization (Azure AD and RBAC),
• Microsoft Azure Storage
• Networks(Azure Infrastructure).
1.4 Account Storage - Architecture
Access Blobs, Tables
and Queues for
Accounts
Location Service
DNS
Front-Ends
Stream Layers
Stream Layers
Intra-Stamp
Replication
Storage Stamp
VIP
Front-Ends
Stream Layers
Stream Layers
Intra-Stamp
Replication
Storage Stamp
VIP
Account Management
Inter-Stamp
Replication
https://AccountName.service.core.windows.net
1.5 Account Storage - Storage Stamps
• The three layers in the Storage Stamps:
• Stream Layer is like a distributed file system layer within the stamps, it understands
files, called streams, and it manages how to store, replicate them and more but it
doesn’t have any clue about the data or the semantics.
• The Partition Layers manages and understands the high data abstraction layer (Blob,
Table, Queues, and Files), caching objects, and storing objects on top of the
streaming.
• The Front-End layer manages the authentication and authorizations for the account
though SAS token or Access Key, and it governs the relations between account and
partitions.
2.0 Cyberattacks and
Countermeasures
2.1 Attack01 – Access Using Account Keys
Attack
• Developers use account keys everywhere, they send by email, they write in the code and often they take
notes in files and there are different techniques to use.
• Google Dorks are used by a hacker to collect any type of information on the internet, it is a very powerful
technique, especially if used is a smart way
• The query will search in all Google database for any file indexed of type config, containing the world
accountkey in the web sites githup.com and sourceforge.net
• The githup is not a typo, google may filter some query types, using this technique you can evade them.
Countermeasures
• Create Azure policy to block any unauthorize key vault creation (use a dedicated AD group/user)
• Set less permission privilege to the Key Vault, monitor any access and notify by email any change
• Store any sensitive information in Key Vaults and force developers on using this practice.
• Execute automation source code scanning with Azure DevOps
2.2 Attack02 – Ransomware Attack And Encryption
Attack
• Azure encrypts any data in the storage account, key requirement for certifications ISO 27001, ISO 9001,
GDPR and others. But Is there a real risk of a ransomware attack in the cloud?, Answer is Yes. So what can a
hacker do? Answer, there is real potentially the entire storage account, all virtual machines, and disks can be
encrypt.
• A hacker could achieve a privilege escalation attack to the cloud or find the account keys and access to the
storage account. If this is achieved, then a hacker has different choices, One quick and very dangerous attack
is on the encryption keys, an attacker is able to encrypt the entire storage account. Azure uses two
mechanisms to encrypt the data:
• one using the internal encryption key;
• and the second is using an arbitrary key created by the customer.
• Attack simulation to the encryption keys, Hacker only required a basic knowledge of Storage Account and
Key Vault, a hacker can :-
• To execute a privilege escalation attack to Azure, (contributor access to the resource group re required)
• The attacker now will delete the key from the key vault, enter the key vault and delete the key.
2.2 Attack02 – Ransomware Attack And Encryption
Countermeasures
• The best option is using policies and blocks any unauthorized usage, especially creation.
• Create Azure policy to block any unauthorize key vault creation (use a dedicated AD
group/user)
• Set less permission privilege to the Key Vault, monitor any access and notify by email any
change
• Use Multi-Factor Authentication in any sensitive location of the company.
2.3 Attack03 – Attack VMs and Disks
Attack
• Another option is encrypting the content of the storage account, for example, all disks,
this is a procedure that we can achieve using Powershell and remotely
Countermeasures
• Create Azure policy to block any unauthorize encrypting operation (use a dedicated AD
group/user)
• Set less permission privilege to the resources
• Use Multi-Factor Authentication in any sensitive location of the company.
2.4 Attack04 – Storage Tampering attack
Attack
• This is an extremely effective and dangerous attack, the hacker found the storage
account keys and will execute a scan in the account, below an example to list Blobs using
Azure CLI :
• The attacker has now a clear idea about the content and they may will inject in the
storage account-specific malicious content. The hacker could upload malicious scripts,
PDF files tampered and more.
• Developers and IT administrators use the queues to execute specific infrastructure tasks
and execution following a specific FIFO order, the hacker could inject messages in the
queue and execute arbitrary code and script.
• This Azure storage tampering is usually used in conjunction with the phishing attack.
2.4 Attack04 – Storage Tampering attack
Countermeasures
• The prevention is the best countermeasure, we must prevent access to the resource.
• Create Azure policy to block any unauthorized usage (use a dedicated AD group/user)
• Set less permission privilege to the storage account and to the specific resource, monitor
any access and notify by email any change
• Refer to Attack01 regarding the protection of the keys
• Use Multi-Factor Authentication in any sensitive location of the company.
2.5 Attack05 – A Phishing attack
Attack
• This is a very used attack because able to be combined in many different combinations, the concept is very
simple.
• trusted web site, the attacker can send email using this URL without being intercepted or blocked, and it
looks a legitimate URL. The hacker can simulate an internal communication and an employee could click on
the URL and open a malicious file hosted in the blob.
• This is a very simple example, in the future we will examine some nasty phishing attacks using a blob storage
account.
Countermeasures
• Robust email security solutions are actually the best option, also filtering any email containing the
windows.net domain.
• Educate employees about recognizing different types of phishing attacks and avoid clicking any link.
• Use multi security layers, scanning email, antivirus and use the red team to test malicious attack.
• Educate everybody in the companies, also the very top management.
• Use Multi-Factor Authentication in any sensitive location of the company.
2.6 Attack06 – Attack To Blob And Resource Using
Anonymous Access
Attack
• We can set the reading access type of the container and blob as anonymous. We may need to use this
setting because we want to provide public access to our content, hackers use this setting for phishing
attacks.
• Black hats daily scan the public internet and they check the contents of these blobs by: -
• Option 1 – Using Shodan - Login with a free account to Shodan.io and use the search string
• Option 2 – Using scripting - This is the most productive and effective way to collect anonymous blob
storages, we can use any script type technique, the concept is quite simple.
• During an HTTP GET to request the anonymous blob storage responds in a different way from a private one,
this is the discriminant
• A program or script to created any possible combination of the account name and check for any possible
public blob on the internet. The procedure is a simple representation of what criminal companies do using
very high calculation power.
• The program used by these companies is specifically designed to check the content and they use Artificial
intelligence to quickly understand if the content can be something useful or not.
2.6 Attack06 – Attack To Blob And Resource Using
Anonymous Access
Countermeasures
• Don’t publish any sensitive information in public storage.
Important Note
• The usage of public blobs can be a good honey trap, criminals will be focused on that specific area
of attack, you may also put false and misleading information.
• The honey trap is an interesting strategy and it can be extremely effective if well planned, we can
also make the criminal think what we want and discourage them from continuing any more
investigation to the company.
2.7 Attack07 – Attacks To The Public and Private IP
Addresses In Azure
Attack
• A public IP is attacked by a hacker after the first five minutes of life on the internet, this is a standard procedure, these
people are criminal organizations looking for information to use against the company and employee. You can find public IP
exposed in Azure very easily. The entire Azure infrastructure can be scanned for ay public IP’s, open RDP ports with one
command : . By this hacker can download the entire Azure IP range by scanning the service,
these are all public information.
• Never underestimate the internal threats, if a hacker penetrates a VM, he will also have access to the internal network, at
least in the subnet, and if the VM is in the domain then the escalation of the damage is not measurable, it depends by the
Azure experience of the hacker.
Countermeasures
• Option 1 – The basic solution is avoid using public IP’s and if you really need then lock it and masquerade.
• Option 2 – Control the creation of new Public IP
• Option 3 – Use Azure Bastion
• Option 4 – Use VPN
• VPN is the best option and we avoid exposure to the internet however we still need to handle the private IPs because we
can face an internal attack.
3.0 Final Thoughts
3.1 Considerations & Best Practices
• Centralize the security control and access using a good subscription structure and firewalling appliance.
• Create a Base subscription, install ExpressRoute and firewalling and propagate the connectivity to the other
subscriptions, this will give you a lot of control.
• Use a proper segmentation of the network and organize your IP Schemas and VNet by Regions.
• Create Azure policies and force your network rules
• Use Zero trust approach and limit any access
• This presentation has highlights some of the most important and dangerous attacks to the Storage Account,
prevention is always the best practice and in order to achieve that we need to use Azure Policies.
• Azure Policies are the first line of defense, the first opportunity to stop the attack. This is what we need to
achieve, we need to stop the attack from the beginning and not in the during.
• the most dangerous attack always starts from the internal, we need to make our home secure from any risk.
• Don’t trust anybody, even yourself, if you are not sure about something, better ask and discuss it in the team.
- END OF DECK
By Abdul Khan – https://www.linkedin.com/in/abdul-khan-uk/

More Related Content

What's hot

Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeHimani Singh
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the CloudSecurity Innovation
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing Reza Pahlava
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNithin Raj
 
Cyber Security and Cloud Computing
Cyber Security and Cloud ComputingCyber Security and Cloud Computing
Cyber Security and Cloud ComputingKeet Sugathadasa
 
Guide to CASB Use Cases
Guide to CASB Use CasesGuide to CASB Use Cases
Guide to CASB Use CasesSachin Yadav
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-UsabilityLarry Wilson
 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security ProfessionalHatem ElSahhar
 
Security issue in Cloud computing
Security issue in Cloud computingSecurity issue in Cloud computing
Security issue in Cloud computingSeema Kumari
 
Cloud university intel security
Cloud university intel securityCloud university intel security
Cloud university intel securityIngram Micro Cloud
 
Data security in cloud environment
Data security in cloud environmentData security in cloud environment
Data security in cloud environmentShivam Singh
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud IBM Security
 

What's hot (20)

Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
Cloud Security
Cloud Security Cloud Security
Cloud Security
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
 
Cyber Security and Cloud Computing
Cyber Security and Cloud ComputingCyber Security and Cloud Computing
Cyber Security and Cloud Computing
 
Guide to CASB Use Cases
Guide to CASB Use CasesGuide to CASB Use Cases
Guide to CASB Use Cases
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-Usability
 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional
 
Security issue in Cloud computing
Security issue in Cloud computingSecurity issue in Cloud computing
Security issue in Cloud computing
 
Cloud university intel security
Cloud university intel securityCloud university intel security
Cloud university intel security
 
Data security in cloud environment
Data security in cloud environmentData security in cloud environment
Data security in cloud environment
 
Cloud security
Cloud securityCloud security
Cloud security
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals Webinar
 

Similar to 7 Ways To Cyberattack And Hack Azure

Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdfMarlboroAbyad
 
Core strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWSCore strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWSShane Peden
 
001 - Get acquainted with the AWS platform -- hide01.ir.pptx
001 - Get acquainted with the AWS platform  --  hide01.ir.pptx001 - Get acquainted with the AWS platform  --  hide01.ir.pptx
001 - Get acquainted with the AWS platform -- hide01.ir.pptxnitinscribd
 
Creating a fortress in your active directory environment
Creating a fortress in your active directory environmentCreating a fortress in your active directory environment
Creating a fortress in your active directory environmentDavid Rowe
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
DBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxDBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxsiti829412
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecLalit Kale
 
BSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopBSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopAjay Choudhary
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hackingbegmohsin
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!MarketingArrowECS_CZ
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...Amazon Web Services
 
Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università
Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università
Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università Jürgen Ambrosi
 
Active Directory 2019 v2.pptx
Active Directory 2019 v2.pptxActive Directory 2019 v2.pptx
Active Directory 2019 v2.pptxPradeep Kapkoti
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentityFredBrandonAuthorMCP
 
Challenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanChallenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanKen Chan
 
Platform Security IRL: Busting Buzzwords & Building Better
Platform Security IRL:  Busting Buzzwords & Building BetterPlatform Security IRL:  Busting Buzzwords & Building Better
Platform Security IRL: Busting Buzzwords & Building BetterEqual Experts
 

Similar to 7 Ways To Cyberattack And Hack Azure (20)

Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdf
 
Core strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWSCore strategies to develop defense in depth in AWS
Core strategies to develop defense in depth in AWS
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
001 - Get acquainted with the AWS platform -- hide01.ir.pptx
001 - Get acquainted with the AWS platform  --  hide01.ir.pptx001 - Get acquainted with the AWS platform  --  hide01.ir.pptx
001 - Get acquainted with the AWS platform -- hide01.ir.pptx
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud Hack
 
Creating a fortress in your active directory environment
Creating a fortress in your active directory environmentCreating a fortress in your active directory environment
Creating a fortress in your active directory environment
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
DBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxDBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptx
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSec
 
BSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopBSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming Workshop
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hacking
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
 
Security Design Principles.ppt
 Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
 
Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università
Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università
Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università
 
Active Directory 2019 v2.pptx
Active Directory 2019 v2.pptxActive Directory 2019 v2.pptx
Active Directory 2019 v2.pptx
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Challenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanChallenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y Chan
 
Platform Security IRL: Busting Buzzwords & Building Better
Platform Security IRL:  Busting Buzzwords & Building BetterPlatform Security IRL:  Busting Buzzwords & Building Better
Platform Security IRL: Busting Buzzwords & Building Better
 

Recently uploaded

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

7 Ways To Cyberattack And Hack Azure

  • 1. 7 Dangerous Ways To Cyberattack Azure By Abdul khan
  • 2. Author • Abdul Khan • IT Consultant based in Manchester, UK • Engineering Lead, Executive, Technologist, Architect • IT experience, within the private and public sectors (Retail, Banking, Digital, Insurance, M.O.D., HMRC, Aviation, Telecommunication, Housing Associations, Education, Travel, and Pharmaceutical companies). Excellent architectural and strong DevOps experience with proven-track record of delivering E2E, B2B and B2C solution on regional and global programs. • SME in specializing in providing integration, data migration, digital transformations to the cloud solutions (Azure and AWS) • Wealth of experience in global projects across EMEA, ASPAC and LATAM • Liked in profile https://www.linkedin.com/in/abdul-khan-uk/
  • 3. Accreditations Thank you to my brother, good friends and colleagues for reviewing, adding value, sharing their vast experience and knowledge. • Samad Khan (IT Manager), specialising in enterprise solution in finance and wealth Management • Steve Lampton (IT Consultant, Cloud SME) specialising in NetOps, DevOps and SecOps
  • 4. Audience Main Audience • The top cyberthreats may find a wider group of potential stakeholders who are interested in understanding the threat landscape in general or deepen their understanding to cover particular threats. • This document for decision makers, security architects, risk managers, auditors and end-users who wish to be informed about the where-about of various cyberthreats may find this material useful. Assumptions • Reader has some knowledge of cloud platforms technologies.
  • 5. Content 1.0 Think Like A Hacker 1.1 Introduction 1.2 Hacker Perspective 1.3 The Top Most Dangerous Cyberattacks 1.4 Account Storage – Architecture 1.5 Account Storage – Storage Stamp 3.0 Final Thoughts 3.1 Considerations & Best Practices 2.0 Cyberattacks and Countermeasures 2.1 Attack01 – Access using account keys 2.2 Attack02 – Ransomware attack and encryption 2.3 Attack03 – Attack VMs and Disks 2.4 Attack04 – Storage Tampering attack 2.5 Attack05 – A Phishing attack 2.6 Attack06 – Attack to Blob and resource using anonymous access 2.7 Attack07 – Attacks To The Public and Private IP Addresses in Azure
  • 6. 1.0 Think Like A Hacker…
  • 7. “everything and anything is hackable and vulnerable in some ways”
  • 8. 1.1 Introduction • Microsoft Azure offers many types of tool and technology to manage and handle threats and security. This can be from the classical firewall, encryption, network security group, MOMS, Security Centre, Audit Logging, GDPR and much more. • To identify the most important risks and threats and how to manage them we need to choose the right platform that provides the best features and tools. • In Cloud, any resources can be linked with security or related to hacking and should be assessed for vulnerabilities. Therefore, few basic questions that should always be asked :- • Is the functionality secure or vulnerable? • If yes, how can it be exploited and how much damage could it cause?
  • 9. 1.2 Hacker Perspective (1/2) • From a hacker perspective, a DNS provides very important data, this includes : • The Account name is extremely important because it is used by Azure to locate the primary storage cluster and the datacentre where the storage is located, all the requests for this account are directed to this location, an application can use a different account for different locations. • The Partition name identifies the storage node of the cluster and it is used to scale- out access to the data, the ObjectName is the specific object in the partition, the transactions are atomic and managed across the different objects inside the same PartitionName.
  • 10. 1.2 Hacker Perspective (2/2) • The Account Storage architecture has been organized to provide the maximum capacity and scaling, the let see the most important components and how it works. • The Storage Stamp is a cluster of N racks of storage nodes, and each rack is a separate fault domain, the challenge is to maintain the storage provisioned in production as highly utilized as possible if a rack reach lower then 70% the account is migrated in another rack • The Location Service manages the account namespace across all stamps and all the storage stamps, it is also responsible for disaster recovery and load balancing, the LS updates the DNS and allow the requests from the name https://AccountName.service.core.windows.net to that storage stamp’s virtual IP (VIP, an IP address the storage stamp exposes for external traffic).
  • 11. 1.3 The Top Most Dangerous Cyberattacks (1/2) • There are three most essential areas in Microsoft Azure, RBAC, Storage and Networking, everything in Azure depends on these three main pillars, and considering these areas. The 3 topmost dangerous cyberattacks, below the TOP Parade: • Privilege escalation to Azure PIM and the Global Admin Account; • Ransomware Attack; • Attack to the public and private IP addresses; • All these attacks are extremely dangerous and effective. However, the privilege escalation is the most dangerous because it can escalate a top-level, which means no more control in the entire cloud and company. • Internal attacks are much more dangerous and effective than the externals, and companies often underestimate that. Cloud is more secure than on-premise, we can rely on a much more solid infrastructure but we know cloud has weaknesses.
  • 12. 1.3 The Top Most Dangerous Cyberattacks (2/2) • RBAC is used to provide access to the storage account to a specific user. Hacker use this approach to obtain access storage accounts. This is a classic method used to manage the storage account by people through the Azure Portal. • There are 3 major areas of Azure, also these are the weak points, most critical and vulnerable areas for hackers to exploit, they are:- • Authentication and Authorization (Azure AD and RBAC), • Microsoft Azure Storage • Networks(Azure Infrastructure).
  • 13. 1.4 Account Storage - Architecture Access Blobs, Tables and Queues for Accounts Location Service DNS Front-Ends Stream Layers Stream Layers Intra-Stamp Replication Storage Stamp VIP Front-Ends Stream Layers Stream Layers Intra-Stamp Replication Storage Stamp VIP Account Management Inter-Stamp Replication https://AccountName.service.core.windows.net
  • 14. 1.5 Account Storage - Storage Stamps • The three layers in the Storage Stamps: • Stream Layer is like a distributed file system layer within the stamps, it understands files, called streams, and it manages how to store, replicate them and more but it doesn’t have any clue about the data or the semantics. • The Partition Layers manages and understands the high data abstraction layer (Blob, Table, Queues, and Files), caching objects, and storing objects on top of the streaming. • The Front-End layer manages the authentication and authorizations for the account though SAS token or Access Key, and it governs the relations between account and partitions.
  • 16. 2.1 Attack01 – Access Using Account Keys Attack • Developers use account keys everywhere, they send by email, they write in the code and often they take notes in files and there are different techniques to use. • Google Dorks are used by a hacker to collect any type of information on the internet, it is a very powerful technique, especially if used is a smart way • The query will search in all Google database for any file indexed of type config, containing the world accountkey in the web sites githup.com and sourceforge.net • The githup is not a typo, google may filter some query types, using this technique you can evade them. Countermeasures • Create Azure policy to block any unauthorize key vault creation (use a dedicated AD group/user) • Set less permission privilege to the Key Vault, monitor any access and notify by email any change • Store any sensitive information in Key Vaults and force developers on using this practice. • Execute automation source code scanning with Azure DevOps
  • 17. 2.2 Attack02 – Ransomware Attack And Encryption Attack • Azure encrypts any data in the storage account, key requirement for certifications ISO 27001, ISO 9001, GDPR and others. But Is there a real risk of a ransomware attack in the cloud?, Answer is Yes. So what can a hacker do? Answer, there is real potentially the entire storage account, all virtual machines, and disks can be encrypt. • A hacker could achieve a privilege escalation attack to the cloud or find the account keys and access to the storage account. If this is achieved, then a hacker has different choices, One quick and very dangerous attack is on the encryption keys, an attacker is able to encrypt the entire storage account. Azure uses two mechanisms to encrypt the data: • one using the internal encryption key; • and the second is using an arbitrary key created by the customer. • Attack simulation to the encryption keys, Hacker only required a basic knowledge of Storage Account and Key Vault, a hacker can :- • To execute a privilege escalation attack to Azure, (contributor access to the resource group re required) • The attacker now will delete the key from the key vault, enter the key vault and delete the key.
  • 18. 2.2 Attack02 – Ransomware Attack And Encryption Countermeasures • The best option is using policies and blocks any unauthorized usage, especially creation. • Create Azure policy to block any unauthorize key vault creation (use a dedicated AD group/user) • Set less permission privilege to the Key Vault, monitor any access and notify by email any change • Use Multi-Factor Authentication in any sensitive location of the company.
  • 19. 2.3 Attack03 – Attack VMs and Disks Attack • Another option is encrypting the content of the storage account, for example, all disks, this is a procedure that we can achieve using Powershell and remotely Countermeasures • Create Azure policy to block any unauthorize encrypting operation (use a dedicated AD group/user) • Set less permission privilege to the resources • Use Multi-Factor Authentication in any sensitive location of the company.
  • 20. 2.4 Attack04 – Storage Tampering attack Attack • This is an extremely effective and dangerous attack, the hacker found the storage account keys and will execute a scan in the account, below an example to list Blobs using Azure CLI : • The attacker has now a clear idea about the content and they may will inject in the storage account-specific malicious content. The hacker could upload malicious scripts, PDF files tampered and more. • Developers and IT administrators use the queues to execute specific infrastructure tasks and execution following a specific FIFO order, the hacker could inject messages in the queue and execute arbitrary code and script. • This Azure storage tampering is usually used in conjunction with the phishing attack.
  • 21. 2.4 Attack04 – Storage Tampering attack Countermeasures • The prevention is the best countermeasure, we must prevent access to the resource. • Create Azure policy to block any unauthorized usage (use a dedicated AD group/user) • Set less permission privilege to the storage account and to the specific resource, monitor any access and notify by email any change • Refer to Attack01 regarding the protection of the keys • Use Multi-Factor Authentication in any sensitive location of the company.
  • 22. 2.5 Attack05 – A Phishing attack Attack • This is a very used attack because able to be combined in many different combinations, the concept is very simple. • trusted web site, the attacker can send email using this URL without being intercepted or blocked, and it looks a legitimate URL. The hacker can simulate an internal communication and an employee could click on the URL and open a malicious file hosted in the blob. • This is a very simple example, in the future we will examine some nasty phishing attacks using a blob storage account. Countermeasures • Robust email security solutions are actually the best option, also filtering any email containing the windows.net domain. • Educate employees about recognizing different types of phishing attacks and avoid clicking any link. • Use multi security layers, scanning email, antivirus and use the red team to test malicious attack. • Educate everybody in the companies, also the very top management. • Use Multi-Factor Authentication in any sensitive location of the company.
  • 23. 2.6 Attack06 – Attack To Blob And Resource Using Anonymous Access Attack • We can set the reading access type of the container and blob as anonymous. We may need to use this setting because we want to provide public access to our content, hackers use this setting for phishing attacks. • Black hats daily scan the public internet and they check the contents of these blobs by: - • Option 1 – Using Shodan - Login with a free account to Shodan.io and use the search string • Option 2 – Using scripting - This is the most productive and effective way to collect anonymous blob storages, we can use any script type technique, the concept is quite simple. • During an HTTP GET to request the anonymous blob storage responds in a different way from a private one, this is the discriminant • A program or script to created any possible combination of the account name and check for any possible public blob on the internet. The procedure is a simple representation of what criminal companies do using very high calculation power. • The program used by these companies is specifically designed to check the content and they use Artificial intelligence to quickly understand if the content can be something useful or not.
  • 24. 2.6 Attack06 – Attack To Blob And Resource Using Anonymous Access Countermeasures • Don’t publish any sensitive information in public storage. Important Note • The usage of public blobs can be a good honey trap, criminals will be focused on that specific area of attack, you may also put false and misleading information. • The honey trap is an interesting strategy and it can be extremely effective if well planned, we can also make the criminal think what we want and discourage them from continuing any more investigation to the company.
  • 25. 2.7 Attack07 – Attacks To The Public and Private IP Addresses In Azure Attack • A public IP is attacked by a hacker after the first five minutes of life on the internet, this is a standard procedure, these people are criminal organizations looking for information to use against the company and employee. You can find public IP exposed in Azure very easily. The entire Azure infrastructure can be scanned for ay public IP’s, open RDP ports with one command : . By this hacker can download the entire Azure IP range by scanning the service, these are all public information. • Never underestimate the internal threats, if a hacker penetrates a VM, he will also have access to the internal network, at least in the subnet, and if the VM is in the domain then the escalation of the damage is not measurable, it depends by the Azure experience of the hacker. Countermeasures • Option 1 – The basic solution is avoid using public IP’s and if you really need then lock it and masquerade. • Option 2 – Control the creation of new Public IP • Option 3 – Use Azure Bastion • Option 4 – Use VPN • VPN is the best option and we avoid exposure to the internet however we still need to handle the private IPs because we can face an internal attack.
  • 27. 3.1 Considerations & Best Practices • Centralize the security control and access using a good subscription structure and firewalling appliance. • Create a Base subscription, install ExpressRoute and firewalling and propagate the connectivity to the other subscriptions, this will give you a lot of control. • Use a proper segmentation of the network and organize your IP Schemas and VNet by Regions. • Create Azure policies and force your network rules • Use Zero trust approach and limit any access • This presentation has highlights some of the most important and dangerous attacks to the Storage Account, prevention is always the best practice and in order to achieve that we need to use Azure Policies. • Azure Policies are the first line of defense, the first opportunity to stop the attack. This is what we need to achieve, we need to stop the attack from the beginning and not in the during. • the most dangerous attack always starts from the internal, we need to make our home secure from any risk. • Don’t trust anybody, even yourself, if you are not sure about something, better ask and discuss it in the team.
  • 28. - END OF DECK By Abdul Khan – https://www.linkedin.com/in/abdul-khan-uk/