Andy RobbinsDec 21, 2022

New blog post out: Passwordless Persistence and Privilege Escalation in Azure.

Link: https://posts.specterops.io/passwordless-persistence-and-privilege-escalation-in-azure-98a01310be3f

In this blog post I explain how new passwordless authentication mechanisms like Azure's Certificate Based Authentication can be subverted by adversaries to establish long-term stealthy persistence, and explain a built-in privilege escalation primitive that exists in CBA.

Passwordless Persistence and Privilege Escalation in Azure

Adversaries are always looking for stealthy means of maintaining long-term and stealthy persistence and privilege in a target environment. Certificate-Based Authentication (CBA) is an extremely…

Posts By SpecterOps Team Members
Show threadFabian BaderDec 21, 2022

@wald0
Great post and attack path 👏 always a treat.

You might consider adding Authentication strength as an additional defensive method, as you could restrict CBA for certain roles this way.

Show threadAndy Robbins
@fabian_bader Excellent suggestion, I will add that to the post as soon as I can.
Dec 21, 2022 at 10:44pmWeb