Cloud Security Podcast Features Azure Security Expert Katie Nes

In this video, the Cloud Security podcast welcomes Katie Nes, an Azure security expert, to discuss incident response in the Azure environment. The conversation begins with an introduction to the concept of "llm jacking," a form of resource theft where attackers exploit AI models to divert computing power. Katie shares recent reports on this topic and emphasizes the importance of securing resources exposed to the Internet. Katie Nes, who has extensive experience in security, network and web app penetration, and incident response, explains the similarities and differences between on-premises and cloud security, particularly in Azure. She highlights the importance of understanding permissions and identities in Azure, including Global Admin roles and Service Principals. She explains how attackers can exploit these permissions to access sensitive resources, underscoring the complexity of interactions between identities and resources in Azure. The discussion continues with a detailed analysis of the different types of identities in Azure, including users, Service Principals, Managed Identities, and App Roles. Katie explains how these identities interact and how they can be exploited by attackers to obtain elevated permissions. She also mentions Administrative Units, a feature that allows scoping the permissions of identities, and how they can be used for attacker persistence. Katie also addresses the topic of networking in Azure, comparing traditional networking concepts with those specific to Azure, such as Network Security Groups (NSGs) and Application Security Groups. She emphasizes the importance of understanding network rules specific to each type of resource in Azure, such as databases and storage services. The conversation then turns to common incidents in Azure, such as the exposure of resources to the public, crypto-mining attacks, and illicit OAuth consents. Katie shares concrete examples of incidents and provides advice on how to investigate and mitigate them. She stresses the importance of correctly configuring logs and permissions to detect and respond to incidents effectively. Katie also shares her personal experience in security research and incident response, highlighting the importance of collaboration and continuous learning. She mentions useful resources for learning the fundamentals of Azure, such as Microsoft Learn's free labs and John Savill's videos on YouTube. Finally, Katie answers some personal questions, sharing her hobbies outside of work, such as guitar lessons, and her moments of pride, like her recent marriage. She encourages listeners to explore the field of Azure security further and to remain curious and passionate about continuous learning. To learn more about Katie Nes's research and to follow her, you can find her on LinkedIn under the name Katie Nolles, and on Twitter under the handle sigil.