BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: What the Function: A Deep Dive into Azure Function A
 pp\n   Security\n   When: Saturday\, Aug 12\, 13:30 - 14:10 PDT\n   Where:
  Flamingo - Mesquite - Cloud Village - [1]Map\n   Speakers:Karl Fosaaen\,T
 homas Elling\n\n   SpeakerBio:Karl Fosaaen \, VP of Research at NetSPI\n  
  As a VP of Research\, Karl is part of a team developing new services\n   
 and product offerings at NetSPI. Karl previously oversaw the Cloud\n   Pen
 etration Testing service lines at NetSPI and is one of the founding\n   me
 mbers of NetSPI's Portland\, OR team. Karl has a Bachelors of\n   Computer
  Science from the University of Minnesota and has been in the\n   security
  consulting industry for 15 years. Karl spends most of his\n   research ti
 me focusing on Azure security and contributing to the\n   NetSPI blog. As 
 part of this research\, Karl created the MicroBurst\n   toolkit ([2]https:
 //github.com/NetSPI/Microburst) to house many of the\n   PowerShell tools 
 that he uses for testing Azure. In 2021\, Karl\n   co-authored the book "P
 enetration Testing Azure for Ethical Hackers"\n   with David Okeyode.\n   
 Twitter: [3]@kfosaaen\n\n   SpeakerBio:Thomas Elling\n   Thomas Elling is 
 the Director of Cloud Pentesting and a security\n   researcher at NetSPI. 
 He specializes in web application and cloud\n   security testing. He has a
 dvised multiple Fortune 500 companies in the\n   technology sector. In his
  spare time\, Thomas enjoys improving his\n   coding skills\, watching bad
  action movies\, and hanging out with his\n   dog\, Chunks.\n\n   Descript
 ion:\n   As organizations have evolved from the "Lift and Shift" cloud\n  
  migration strategy to building "Cloud Native" applications\, there has\n 
   been a significant increase in the usage of Platform as a Service\n   (P
 aaS) services in the cloud. The Azure Function App service is a\n   common
 ly used resource in this space\, as it provides simple and easy\n   to dep
 loy application hosting. While the serverless service offers a\n   wide va
 riety of convenient features\, it also comes with its own\n   security cha
 llenges.\n\n   We will be discussing how the service is utilized by Azure 
 customers\n   and some of the architecture design flaws that can lead to p
 rivilege\n   escalation scenarios. Additionally\, we will be covering a re
 cently\n   remediated privilege escalation issue that resulted in the Azur
 e\n   “Reader” RBAC role gaining code execution privileges in Function
 \n   App containers.\n\n   We will also be releasing a tool that automates
  the exploitation of\n   write access on a Function App's Storage Account.
  The tool will allow\n   you to gain cleartext access to the Function App 
 keys\, and will\n   generate Managed Identity tokens that can be used to p
 ivot to the\n   Function App’s identity. Finally\, we will also include 
 best\n   practices and recommendations on how defenders can implement poli
 cy\n   and configuration changes that help mitigate these issues.\n\n   '\
 n\n   1. #FlamingoThirdFloor\n   2. https://github.com/NetSPI/Microburst\n
    3. https://twitter.com/kfosaaen\n\n\n
DTEND:20230812T211000Z
DTSTART:20230812T203000Z
LOCATION:CLV - Flamingo - Mesquite - Cloud Village
SUMMARY:What the Function: A Deep Dive into Azure Function App Security
END:VEVENT
END:VCALENDAR
