Raunak Parmar , White Knight Labs
Raunak Parmar works as a senior cloud security engineer at White Knight Labs. His areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He enjoys researching new attack methodologies and creating open-source tools that can be used during cloud red team activities. He has worked extensively on Azure and AWS and is the author of Vajra, an offensive cloud security tool. He has spoken at multiple respected security conferences like Black Hat, Defcon, Nullcon, RootCon, and also at local meetups.
Talk: Exploring Azure Logic Apps and Turning Misconfigurations into Attack Opportunities
Talks will be streamed on YouTube and Twitch for free.
Azure Logic Apps, a powerful tool for automating workflows and system integration, plays a pivotal role in modern cloud operations. However, these capabilities come with hidden risks numerous potential security vulnerabilities and attack vectors that can be exploited due to unnoticed misconfigurations. This session will examine the complex attack surface of Azure Logic Apps, revealing how attackers can manipulate its features to compromise cloud environments.
We will cover critical topics such as the exposure of sensitive data due to improperly secured Logic Apps, the execution of inline C# code to perform malicious actions, privilege escalation within storage accounts, hijacking API connections, and techniques for facilitating cloud-to-on-premises lateral movement. Additionally, we will address the often-overlooked risks associated with custom authorization logic, showcasing real-world examples of how weak authentication mechanisms can be bypassed, resulting in unauthorized access and data breaches.
Furthermore, we will explore the broader implications of misconfigured Logic Apps, such as overly permissive role-based access control (RBAC), insecure service principals, and unprotected connections to external systems. These misconfigurations can open the door to privilege escalation, unauthorized access, and even cloud-to-cloud or cloud-to-on-premises lateral movement.
By examining these threats and their countermeasures, organizations can strengthen the security of their Logic App implementations and ensure resilient cloud operations. Real-world scenarios and exploitation techniques will be dissected to highlight critical vulnerabilities in these workflows.
Training: Attacking & Securing CI/CD Pipeline Course
The "Attacking and Securing CI/CD Pipelines" course is a dynamic, hands-on training program designed to equip participants with the skills to identify, exploit, and mitigate vulnerabilities within Continuous Integration and Continuous Deployment environments. As CI/CD pipelines form the backbone of modern software development, their security is paramount. This self-paced course blends theoretical insights with practical, real-world labs to create an immersive learning experience.
Participants will explore critical security concepts, including hijacking techniques, artifact poisoning, branch protection misconfiguration bypasses, and OIDC misconfigurations. The course also emphasizes countermeasures and best practices for securing pipelines across popular platforms like GitHub Actions, AWS CodeBuild, CircleCI and Azure DevOps. By the end of the program, learners will have the expertise to both attack and secure CI/CD environments effectively.
Designed for DevSecOps professionals, penetration testers, red team operators, and security engineers, the course provides a flexible and comprehensive approach to CI/CD security. Whether you're securing pipelines or simulating attacks, this course offers a robust foundation in CI/CD security.