BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Automating Insecurity in Azure\n   When: Friday\, Au
 g 12\, 10:10 - 10:50 PDT\n   Where: Flamingo - Sunset-Scenic Ballroom (Clo
 ud Village) - [1]Map\n\n   SpeakerBio:Karl Fosaaen\n   As a Senior Directo
 r at NetSPI\, Karl leads the Cloud Penetration\n   Testing service line an
 d oversees NetSPI's Portland\, OR office. Karl\n   holds a BS in Computer 
 Science from the University of Minnesota and is\n   approaching 15 years o
 f consulting experience in the security\n   industry. Karl spends most of 
 his research time focusing on Azure\n   security and contributing to the N
 etSPI blog. As part of this\n   research\, Karl created the MicroBurst too
 lkit ([2]https://github.com/Netspi/Microburst)\n   to house many of the Po
 werShell tools that he uses for testing Azure.\n   In 2021\, Karl co-autho
 red the book 'Penetration Testing Azure for\n   Ethical Hackers' with Davi
 d Okeyode. Over the years\, Karl has held the\n   Security+\, CISSP\, and 
 GXPN certifications. Since DEF CON 19\, Karl has\n   spent most of his con
 ference time selling merchandise as a Goon on the\n   Merch (formerly SWAG
 ) team.\n   Twitter: [3]@kfosaaen\n\n   Description:\n   Microsoft's Azure
  cloud platform has over 200 services available to\n   use\, so why are we
  picking on just one? Automation Accounts are used\n   in almost every Azu
 re subscription and have been the source of two\n   different CVEs in the 
 last year\, including one issue that exposed\n   credentials between tenan
 ts. Given the credentials and access that are\n   often associated with Au
 tomation Accounts\, they're an easy target for\n   attackers in an Azure s
 ubscription. In this talk\, we will go over how\n   Automation Accounts fu
 nction within Azure\, and how attackers can abuse\n   built-in functionali
 ty to gain access to credentials\, privileged\n   identities\, and sensiti
 ve information. Furthermore\, we will do a deep\n   dive on four vulnerabi
 lities from the last year that all apply to\n   Azure Automation Accounts.
 \n   '\n\n   1. https://defcon.outel.org/consolidated_page.html#FlamingoTh
 irdFloor\n   2. https://github.com/Netspi/Microburst\n   3. https://twitte
 r.com/kfosaaen\n\n\n
DTEND:20220812T175000Z
DTSTART:20220812T171000Z
LOCATION:CLV - Flamingo - Sunset-Scenic Ballroom  (Cloud Village)
SUMMARY:Automating Insecurity in Azure
END:VEVENT
END:VCALENDAR