Home / Companies / Sysdig / Blog / Post Details
Content Deep Dive

No single pane of glass: Anatomy of an Azure permission takeover

Blog post from Sysdig

Post Details
Company
Date Published
Author
Lydia Graslie
Word Count
4,158
Company Posts That Month
3
Language
English
Hacker News Points
-
Post removed?
No
Summary

An Azure permission takeover incident analyzed by the Sysdig Threat Research Team illustrates the complexities of cloud security, where an attacker used a leaked service-principal credential to gain dual-plane control of an Azure tenant. This involved exploiting disjointed permission systems within Azure that include Entra directory roles, Azure RBAC, resource-local access policies, identity-less bearer keys, and Graph API application permissions. The attack demonstrated how these systems, lacking a unified monitoring interface, allowed the attacker to escalate privileges and plant persistence across various identities without detection. The incident highlights the need for comprehensive visibility and monitoring that spans all five permission planes and emphasizes the importance of treating non-human identities (NHIs) as critical as human accounts in security practices. The narrative underscores the structural challenges in Azure's permission model, advocating for cross-plane correlation and enhanced logging practices to mitigate such threats effectively.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.