msandbu

Threat Hunting in Microsoft Azure

A while back, a customer asked me to help inspect what happened to an environment in Azure that got compromised and was used to launch a ransomware attack. Unfortunately, this environment also had a VPN connection between Azure and their existing on-premises data center, which also meant that their entire infrastructure got compromised eventually…. Now …

Upgrade Azure Kubernetes Service using Terraform

With Azure Kubernetes Service, Microsoft is constantly developing the service to follow the release cycle of Kubernetes. With an updated version coming every 3 months, it requires a lot of upgrading of the Kubernetes instances to stay on a supported version. Microsoft has a list here of the release calendar Supported Kubernetes versions …

Getting started with Azure Operator for Kubernetes

So, what is a Kubernetes Operator? It is a software extension to Kubernetes that gives it the ability to provision resources or make changes outside of the cluster. Think about the ability to provision resources in a cloud provider but as Kubernetes resources instead of using other means to build resources. Consider that Kubernetes can be …

Customize Azure Kubernetes Service Diagnostics for Azure Log Analytics

If you are using Azure Kubernetes Service, you will in many cases also be using Container Insights in combination with Kubernetes cluster audit data, which allows for deeper insight into your Kubernetes environment and containers. However, with the default settings, Container Insights and Kubernetes Audit are data-hungry demons, it seems. If you have a …

Trouble with Exchange in 2022 – Cannot Convert 220101001 to long

Many Exchange admins woke up today to see that Exchange is no longer processing emails. This is because the Microsoft Filtering Management Service is stopping, as it cannot handle the new date format. The reason for this is that Microsoft is using a signed int32 for the date and with the new value of 2.201.010.001 is …

Log4Shell – Log4J CVE-2021-44228 Vulnerability

NB: Updated constantly. Here is a summary of the information Microsoft had: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

* Over the last 4 months, the library has been downloaded 28.6 million times.
* Ingenuity, the Mars 2020 Helicopter mission, is powered by it.
* On Friday alone there were about 840,000 endpoints that were running a vulnerable instance based …

Monitoring availability of Microsoft Azure and Office 365

Last week, Microsoft had an issue with an ISP in Norway which affected the availability of Azure and Office 365 services for Norwegian customers without it being reflected in any of the Azure Status Pages. Therefore, I wanted to provide an “outside” view of the availability of the different Azure services to give me a …

Vulnerability CVE-2021-42306 CredManifest in Azure Automation and how to fix it

Customers that are using Azure Automation have in many cases been using it to build runbooks to automate against Azure environments (using a built-in AzureRunAsAccount), which is automatically created using the Azure Portal wizard. This creates a service principal in Azure Active Directory, which by default gets contributor access to the environment. This configuration, …
