YoVDO

ChaosDB - How We Hacked Databases of Thousands of Azure Customers

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Ethical Hacking Courses Azure Cosmos DB Courses Cloud Security Courses Network Reconnaissance Courses

Course Description

Overview

Dive into a detailed exploration of ChaosDB, a critical cross-tenant vulnerability discovered in Azure Cosmos DB. Learn how the Wiz Research Team uncovered this unprecedented cloud vulnerability that allowed any Azure user to gain full admin access to thousands of customers' databases without authorization. Understand the technical aspects of the exploit, including Jupyter Notebook LPE, unrestricted network access, and the intricacies of WireServer. Follow the step-by-step process of the full exploit, from initial reconnaissance to account service takeover. Gain insights into the disclosure timeline and the far-reaching implications of this security breach for organizations using Azure's flagship managed database solution.

Syllabus

Intro
Wiz Research Team
Motivation
Research Mindset
Bug #1 - Jupyter Notebook LPE
Bug #2 - Unrestricted Network Access
Network Recon - IMDS
Network Recon - WireServer
WireServer 101 - Goal State
WireServer 101 - Extension Configuration
WireServer 101 - Certificate Endpoint
Decoding CertificatesBondPackage
Recon - Cluster Endpoint - Manifest
Listing Running Applications in Cluster
Recap - The Full Exploit
Disclosure Timeline
Account Service Takeover


Taught by

Black Hat

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network