ChaosDB - How We Hacked Databases of Thousands of Azure Customers

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Cloud Computing Courses, Database Management Courses, Server Configuration Courses, Network Reconnaissance Courses

Course Description

Overview

Dive into a critical cybersecurity presentation from Black Hat that exposes ChaosDB, a severe cross-tenant vulnerability in Azure Cosmos DB. Discover how the Wiz Research Team uncovered this unprecedented cloud vulnerability that allowed unauthorized access to thousands of Azure customers' databases. Learn about the exploitation process, including Jupyter Notebook LPE, unrestricted network access, and account service takeover. Explore the research mindset, network reconnaissance techniques, and the full exploit chain. Gain insights into the disclosure timeline and the far-reaching implications of this security flaw for organizations worldwide.

Syllabus

Intro
Wiz Research Team
Motivation
Research Mindset
Bug #1 - Jupyter Notebook LPE
Bug #2 - Unrestricted Network Access
Network Recon - IMDS
Network Recon - WireServer
WireServer 101 - Extension Configuration
WireServer 101 - Certificate Endpoint
Decoding CertificatesBondPackage
Listing Running Applications in Cluster
Recap - The Full Exploit
Disclosure Timeline
Account Service Takeover


Taught by

Black Hat
