{
	"id": "9601b516-1d19-4c85-b91f-8b31c7fb0bf3",
	"created_at": "2026-04-06T00:21:01.006228Z",
	"updated_at": "2026-04-10T03:21:44.56056Z",
	"deleted_at": null,
	"sha1_hash": "f61b363147d513e00b05c7d8d5dec8a259ec58ce",
	"title": "Blue Cloud of Death: Red Teaming Azure",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37863,
	"plain_text": "Blue Cloud of Death: Red Teaming Azure\r\nArchived: 2026-04-05 14:23:08 UTC\r\nBSides Denver Presentation on May 11 2018\r\nOn-demand IT services are being publicized as the “new normal”, but often times these services are\r\nmisunderstood and hence misconfigured by engineers which can frequently enable red teams to gain, expand, and\r\npersist access within Azure environments.\r\nIn this talk we will dive into how Azure services are commonly breached (e.g. discovering insecure blob storage),\r\nand then show how attackers are pivoting between the data \u0026 control planes (e.g. mounting hard disks, swapping\r\nkeys, etc...) to expand access. Finally we will demonstrate some unique techniques for persisting access within\r\nAzure environments for prolonged periods of time.\r\nBryce Kunz (@TweekFawkes) is an Information Security Researcher located in Salt Lake City, Utah. Bryce\r\ncurrently leads the security offensive testing of Adobe's Marketing Cloud SaaS infrastructure via researching and\r\ndeveloping custom exploits for web applications and other cloud based technologies. As a security professional,\r\nBryce has spent time at various agencies (i.e. NSA, DoD, DHS, CBP) focusing on vulnerability research,\r\npenetration testing, and incident response. Bryce received an MBA from a NSA designated \"Center of Excellence\"\r\nIdaho State University (ISU) program with an emphasis in Information Assurance (IA) on a full academic\r\nscholarship from the National Science Foundation (NSF). Bryce holds numerous certifications (e.g. OSCP, CISSP,\r\n...) and has spoken at various security conferences (i.e. DerbyCon, etc...).\r\nSource: https://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1\r\nhttps://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1"
	],
	"report_names": [
		"blue-cloud-of-death-red-teaming-azure-1"
	],
	"threat_actors": [],
	"ts_created_at": 1775434861,
	"ts_updated_at": 1775791304,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f61b363147d513e00b05c7d8d5dec8a259ec58ce.pdf",
		"text": "https://archive.orkl.eu/f61b363147d513e00b05c7d8d5dec8a259ec58ce.txt",
		"img": "https://archive.orkl.eu/f61b363147d513e00b05c7d8d5dec8a259ec58ce.jpg"
	}
}