Log in Your Own Eye - Exploiting a Stealthy C2 Channel in Azure Logging Infrastructure

Explore the exploitation of Azure Log Analytics as a covert channel in this BSidesSF 2022 conference talk. Dive into the potential security risks of cloud logging infrastructure, specifically focusing on Azure's logging system. Learn about the Custom Query Language, external data integration, and the vulnerabilities that can arise from these features. Understand the scenario, considerations, and proof of concept for this exploitation technique. Witness a live demonstration of the covert communication channel and discuss its implications as a Command and Control (C2) mechanism. Analyze potential mitigation strategies and broader security concerns related to cloud logging systems. Gain valuable insights into securing Azure environments and enhancing threat detection capabilities in cloud infrastructures.

Intro
About Me
Agenda
Azure
Azure Log Analytics
Custom Query Language
External Data
Exploitation
Whats the problem
Scenario
Considerations
Proof of Concept
Communication
Demo
Why C2 Channel
How would you address this
The issue goes beyond this
Wrap up
Outro