Purple Clouds: PowerZure

Presenting a purple teaming analysis of PowerZure, an open source offensive security tool that targets Microsoft Azure. Come learn how to use it for offensive research, or how to detect many of its modules in Azure's telemetry (complete with Sigma detection rules where applicable). The talk is based on my independent research into how to detect the tool from a defensive perspective, but will also include a demo of offensive functionality.

About the Presenter: Darin Smith

Darin is a security researcher at Cisco Talos who focuses on the public cloud and enjoys making life harder for threat actors. Previous affiliations include Amazon, the US government, University of California Davis and King’s College London. In his spare time he plays cello and fiddle.
