Defender for Containers can now scan for vulnerabilities in Windows images

Hi!

Defender for Containers' image scan now supports Windows images hosted in Azure Container Registry. This feature is free while in preview and will incur a cost when it becomes generally available.

Findings details pane.

I previously wrote an article in French explaining how you can leverage Microsoft Defender to scan your Linux container images.

Maxime.

New alert for Microsoft Defender for Storage

Hi,

To expand the threat protections provided by Microsoft Defender for Storage, Microsoft added a new preview alert.

  • Alert (alert type): PREVIEW – Access from a suspicious application (Storage.Blob_SuspiciousApp)
  • Description: Indicates that a suspicious application has successfully accessed a container of a storage account with authentication. This might indicate that an attacker has obtained the credentials necessary to access the account, and is exploiting it. This could also be an indication of a penetration test carried out in your organization. Applies to: Azure Blob Storage, Azure Data Lake Storage Gen2
  • MITRE tactic: Initial Access
  • Severity: Medium

Maxime.

Storage | Scanning Azure Blob Storage

Hi!

In this article, I will show you how you can scan Azure Blob Storage to identify potentially public storage containers. When you create a new container, you have 3 options for the public access level:

  • Private: No public access to this container (default configuration).
  • Blob: Public access is permitted to this container and its blobs.
  • Container: Public access is permitted to blobs in this container, but not to the container itself.

To perform this scan, we will use a function included in the MicroBurst tool.

Invoke-EnumerateAzureBlobs -Base yourcompanyname

In this example, I will use an additional containerlist file with some example folder names (dev, non, prod, devprod, …).

Invoke-EnumerateAzureBlobs -Base zigmaxlab -Folders .\containerlist.txt

Maxime.
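
A defender-side counterpart to the scan above, as an added example that is not part of the original post: it runs over constructed records that use column names from Azure Monitor's StorageBlobLogs table and flags a client that anonymously tries many container names, reporting which names answered. The account name, IP addresses, status codes and thresholds are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

ACCOUNT = "https://examplelab.blob.core.windows.net"  # constructed account name

def _rec(ip, auth, status, path):
    # Field names follow the StorageBlobLogs table; every value is constructed.
    return {"CallerIpAddress": ip, "AuthenticationType": auth,
            "StatusCode": status, "Uri": f"{ACCOUNT}/{path}"}

LIST = "?restype=container&comp=list"  # query string of a container listing request
SAMPLE_LOGS = (
    # One client walking a wordlist of container names, mostly getting errors...
    [_rec("203.0.113.7:50112", "Anonymous", 404, name + LIST)
     for name in ("dev", "prod", "devprod", "test", "backup")]
    # ...until one name answers because that container allows public access.
    + [_rec("203.0.113.7:50112", "Anonymous", 200, "public" + LIST)]
    # A normal visitor reading one blob from the public container.
    + [_rec("198.51.100.20:4431", "Anonymous", 200, "public/logo.png")] * 3
    # An authenticated application touching many containers (not guessing).
    + [_rec("192.0.2.15:61000", "SAS", 200, name + "/data.csv")
       for name in ("dev", "prod", "test", "backup", "archive")]
)

def find_container_guessing(records, min_containers=5, min_fail_ratio=0.5):
    """Return per-IP stats for anonymous clients that probed many distinct
    container names and mostly failed. Thresholds are assumptions to tune."""
    seen = defaultdict(lambda: {"containers": set(), "exposed": set(),
                                "total": 0, "failed": 0})
    for r in records:
        if r["AuthenticationType"] != "Anonymous":
            continue  # authenticated requests are out of scope for this check
        addr = r["CallerIpAddress"]
        ip = addr.rpartition(":")[0] or addr  # drop the port (IPv4 "ip:port")
        container = urlsplit(r["Uri"]).path.lstrip("/").split("/", 1)[0]
        s = seen[ip]
        s["containers"].add(container)
        s["total"] += 1
        if r["StatusCode"] >= 400:
            s["failed"] += 1
        else:
            s["exposed"].add(container)  # answered without credentials
    return {ip: s for ip, s in seen.items()
            if len(s["containers"]) >= min_containers
            and s["failed"] / s["total"] >= min_fail_ratio}

if __name__ == "__main__":
    for ip, s in find_container_guessing(SAMPLE_LOGS).items():
        print(ip, "probed", sorted(s["containers"]), "exposed:", sorted(s["exposed"]))
```

Containers listed under "exposed" are the ones whose public access level should be reviewed first.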