Blog

Welcome to this deep dive into Azure security. Whether you are a red teamer, cloud security engineer or just curious about how Azure internals work, this blog has something for you. In this blog, we will discuss the concept of Global Azure Resource Manager (ARM) API endpoints and how they can be abused in certain Azure attack scenarios. To demonstrate this, we will walk through a hands-on lab from Altered Security's Red Labs platform (https://redlabs.enterprisesecurity.io/),

We have recently added a new set of 15 Automation Account challenges, each designed to highlight distinct attack vectors and provide comprehensive, hands-on learning opportunities. In this blog post, we will explore one of these Automation Account challenges on the RedLabs platform: Automation Account 13. You can find the complete series of Automation Account challenges on RedLabs platform here: https://redlabs.enterprisesecurity.io/ Before diving into the challenge itself, i

Welcome to this deep dive into Azure security. Whether you are a red teamer, cloud security engineer or just curious about how Azure internals work, this blog has something for you. In this blog, we will discuss the concept of Global Azure Resource Manager (ARM) API endpoints and how they can be abused in certain Azure attack scenarios. To demonstrate this, we will walk through a hands-on lab from Altered Security's Red Labs platform (https://redlabs.enterprisesecurity.io/),