惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Last Watchdog
The Last Watchdog
博客园_首页
Martin Fowler
Martin Fowler
S
SegmentFault 最新的问题
美团技术团队
小众软件
小众软件
V
V2EX
博客园 - Franky
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
The GitHub Blog
The GitHub Blog
Microsoft Security Blog
Microsoft Security Blog
Attack and Defense Labs
Attack and Defense Labs
S
Security Affairs
Simon Willison's Weblog
Simon Willison's Weblog
I
Intezer
T
The Exploit Database - CXSecurity.com
有赞技术团队
有赞技术团队
S
Schneier on Security
人人都是产品经理
人人都是产品经理
Security Archives - TechRepublic
Security Archives - TechRepublic
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
K
Kaspersky official blog
PCI Perspectives
PCI Perspectives
AI
AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
罗磊的独立博客
O
OpenAI News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
The Register - Security
The Register - Security
V
Vulnerabilities – Threatpost
GbyAI
GbyAI
博客园 - 【当耐特】
C
Cisco Blogs
大猫的无限游戏
大猫的无限游戏
Help Net Security
Help Net Security
Google DeepMind News
Google DeepMind News
S
Securelist
Application and Cybersecurity Blog
Application and Cybersecurity Blog
P
Proofpoint News Feed
博客园 - 三生石上(FineUI控件)
雷峰网
雷峰网
L
LangChain Blog
SecWiki News
SecWiki News
博客园 - 叶小钗
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V2EX - 技术
V2EX - 技术
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
J
Java Code Geeks
L
LINUX DO - 热门话题
Cisco Talos Blog
Cisco Talos Blog

Company Updates Archives - SpecterOps

SpecterOps and OpenAI: Helping to Build a New Security Frontier with Daybreak SpecterOps Selected for OpenAI’s Trusted Access for Cyber Program Introducing BloodHound Scentry: Accelerate Your Identity Attack Path Management Practice with Expert Guidance Fueling the Fight Against Identity Attacks Life at SpecterOps Part II: From Dream to Reality Life at SpecterOps: The Red Team Dream Final Steps to BloodHound Enterprise for Government— FedRAMP High Compliance BloodHound Community Edition: A New Era Introducing BloodHound 4.3 — Get Global Admin More Often Introducing BloodHound 4.2 — The Azure Refactor War In Ukraine AWS ReadOnlyAccess: Not Even Once The Attack Path Management Manifesto Introducing BloodHound 4.0: The Azure Update “Voting is not only our right — it is our power.” — Loung Ung SpecterOps Badge Life A Push Toward Transparency Announcing Our Formal Partnership with Palantir Introducing the Adversary Resilience Methodology — Part Two Introducing the Adversary Resilience Methodology — Part One Raphael’s Thoughts: SpecterOps acquires MINIS
Announcing Azure in BloodHound Enterprise
Andy Robbins · 2022-03-18 · via Company Updates Archives - SpecterOps

In July of 2021, we launched BloodHound Enterprise. Since then, our customers have been using BHE to easily identify and eliminate millions, even billions of attack paths in their on-prem Active Directory environments.

Today I’m happy to announce support for Azure in BloodHound Enterprise.

BloodHound Enterprise is an Attack Path Management solution that lets you quickly identify, eliminate, and manage attack paths in your on-prem Active Directory, your Azure tenants and subscriptions, and attack paths that bridge those platforms.

Why Attackers Target Azure

More and more organizations are migrating some or all of their identity, access, and endpoint management services into Azure, standing up identities, infrastructure and applications to support their business. Attackers have also noticed this trend see Azure today the way they’ve seen Active Directory for the last 20 years:

Azure is a foundational service that the entire business relies on. If the attacker takes full control of an Azure tenant, they gain full control of the business.

Azure is a ubiquitous product used by more than 95% of Fortune 500 businesses and beyond. Attackers learn how to attack Azure once, then use that knowledge against almost any organization on the planet.

Azure is a powerful collection of identity and infrastructure management tools at the attacker’s disposal to enable lateral movement, persistence, and data exfiltration.

Attack Paths in Azure

Azure services share similar names and concepts with their on-premises counterparts (for example, Azure Active Directory versus Active Directory), but these systems fundamentally differ in how they control access to securable objects, and even what those securable objects are in the first place.

While the systems themselves work differently, attack paths emerge all the same. I’ve written about how attack paths emerge around Service Principals, Azure APIs, and even how they can be used to pivot from Azure back down to on-prem Active Directory.

How BloodHound Enterprise Helps

BloodHound Enterprise is based on the three fundamental pillars of Attack Path Management:

  • Continuous and Comprehensive Mapping of All Attack Paths
  • Empirical Impact Assessment of Attack Path Choke Points
  • Practical, Precise, and Safe Remediation Guidance

As an Attack Path Management solution, BHE offers several benefits:

  • Elimination of Ineffective “Band-Aid” Fixes
  • Measurable Security Posture Improvement
  • Clear Visibility of Privileges in Azure
  • Impractical Best Practice Made Practical

Additionally, BHE makes it easy to audit effective permissions against any object and find potentially dangerous connections to other identity platforms including other Azure tenants and on-prem Active Directory domains.

What’s next?

New attack path research is coming out all the time. As researchers identify new abuse primitives, we’ll be adding those into BloodHound Enterprise as well. I’ll share my own methodology for discovering new abuses in my talk at Insomni’Hack in Geneva next month.

Next month we will do a webinar showing off the new Azure features in BHE. You can register for that webinar here.

All current BloodHound Enterprise customers get early access to Azure support today, with general availability coming next month (April 2022). Not a BHE customer yet? Request a demo today.


Announcing Azure in BloodHound Enterprise was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.

Post Views: 1,471

Andy Robbins

Principal Security Researcher

Andy Robbins is a Principal Security Researcher at SpecterOps. He is a co-creator of BloodHound. He specializes in Windows, Active Directory, Entra, and Azure tradecraft research and discovery.