Advertisement · 728 × 90
#
Hashtag
#SilentReaper
Advertisement · 728 × 90
Graham
Graham
@cirriustech.co.uk
1 week ago
Post image Post image Post image

The issue Microsoft said “wasn’t a vulnerability” has been quietly mitigated.
The API examples no longer expose SAS URIs in the response body.
inputsLink / outputsLink are no longer emitted.
Az-Skywalker can no longer retrieve the secrets, even as GA.
But sure - not a vuln
#SilentReaper #ShadowFixed

1 0 0 0
Graham
Graham
@cirriustech.co.uk
1 year ago
Preview
Silent Reaper (Azure LogicApp Secrets Control Plane Exfiltration) | cloudvulndb.org Cloud vulnerabilities database - an open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

This is kinda cool - my #Azure #SilentReaper vulnerability (that #Microsoft say is by design, not a vulnerability) is now listed in the #CloudVulnDB 🤩 #SecurityResearch#CloudSecurity #LogicApps #CredentialTheft #Undetectable #SharingIsSecuring #WeAllWinTogether

www.cloudvulndb.org/azure-logic-...

0 1 0 0
Graham
Graham
@cirriustech.co.uk
1 year ago
Post image

I iz in ur logicappz, stealin ur secretz #SilentReaper #Azure #VulnNotVuln #DataExfiltration #CredentialTheft #Cloud #SecurityResearch #Microsoft

Blog: cirriustech.co.uk/blog/azure-s...
Tools: github.com/Az-Skywalker...

2 1 2 1
Graham
Graham
@cirriustech.co.uk
1 year ago
Preview
GitHub - Az-Skywalker/Az-Skywalker Contribute to Az-Skywalker/Az-Skywalker development by creating an account on GitHub.

New Security Tooling: github.com/Az-Skywalker...

#AllYouNeedIsRead #Azure #Microsoft #SecurityVulnerability #VaultRecon #SilentReaper #AzSkywalker

1 1 1 0
Graham
Graham
@cirriustech.co.uk
1 year ago
Preview
SilentReaper: Undetectable Azure Control Plane Data Harvest Exposing how control plane exploits in Microsoft’s iPaaS services enable silent data harvesting from workflows and secrets.

New Blog Post: cirriustech.co.uk/blog/azure-s...

#AllYouNeedIsRead #Azure #Microsoft #SecurityVulnerability #VaultRecon #SilentReaper #AzSkywalker

2 2 2 0
Graham
Graham
@cirriustech.co.uk
1 year ago
Preview
VaultRecon: An Azure Control Plane/Data Plane Isolation Flaw How Microsoft's Isolation of Control Plane and Data Plane for Key Vault is flawed

New Blog Post: cirriustech.co.uk/blog/azure-v...

#AllYouNeedIsRead #Azure #Microsoft #SecurityVulnerability #VaultRecon #SilentReaper #AzSkywalker

1 1 1 0
Graham
Graham
@cirriustech.co.uk
1 year ago
Preview
All You Need Is Read - Disclosing disputed cloud service provider vulnerabilities YouTube video by Cirrius Tech

In case you missed it live, you can watch it back here. www.youtube.com/live/ttu34tA...

#AllYouNeedIsRead #Azure #Microsoft #SecurityVulnerability #VaultRecon #SilentReaper #AzSkywalker

0 1 1 0