Field notes on identity and cloud attacks

A leaked SAS key has no user to disable: tapping Event Hub streamsAzure

A leaked SAS Listen key lets an attacker register a new consumer and silently read a live event stream. The principal is the key, not a user, so you rotate, not disable.

A leaked Teams webhook URL is a phishing cannon in a trusted channelIdentity & Access

A leaked incoming-webhook URL lets anyone post spoofed internal alerts into a Teams channel. There is no account to suspend, because the URL itself is the secret.

A poisoned base image: when cleaning your registry is not enough

Stolen registry credentials repoint a popular tag to a poisoned image, and downstream builds inherit the implant. The containment step internal-only thinking forgets is the notification.

A protected read with no violation: bridging VPC Service ControlsGCP

VPC Service Controls stops data leaving even when IAM says yes, but an over-trusted ingress rule and a broad access level can bridge the boundary for valid credentials.

A ServiceNow business rule that quietly ships records out the backSaaS

A malicious business rule runs server-side on every record operation and exfiltrates silently for days. Logging the deployer out does nothing. You have to remove the code.

A stolen DevOps PAT carries the user's authority without the userAzure

A leaked Azure DevOps personal access token is a long-lived bearer credential. It clones repos, reads pipeline secrets, and poisons the build, and a password reset does not stop it.

A stolen Workday ISU has no human to reset: mass HR and payroll theft

A Workday Integration System User is a non-human service account with a key. Stolen and over-privileged, it pulls full-population payroll and PII reports for exfiltration.

A Zap as an exfil channel: why your egress firewall is uselessAzure

A malicious Zap pipes your CRM to an attacker webhook, running server-side on Zapier with connections you already authorized. Blocking it at your firewall does nothing. Here is what does.

ADCS ESC12: owning the CA host means re-keying, not reimaging

Shell access on the certificate authority host gives an attacker the signing-key context to forge certificates for anyone. Reimaging is not enough. You re-key and distrust the old key.

ADCS ESC14: a writable mapping that turns any cert into admin

An attacker writes an explicit certificate mapping onto a privileged account and, under weak binding, authenticates as it. The password was never the control, so you enforce strong binding.

ADCS ESC2: the certificate template that hands out admin access

A template with the Any Purpose EKU lets any low-privileged user enroll a certificate that authenticates as an admin. The cert is the credential, so you fix the template and revoke.

AdminSDHolder abuse: when your cleanup is reverted every hourActive Directory

A rogue ACE on AdminSDHolder is re-stamped onto every privileged object hourly by SDProp. Clean the group and it returns. You fix the template, not the symptoms.

Agentless and invisible: VM Run Command as a control-plane pivotAzure

With Bastion and the VM Run Command extension an attacker executes on a VM with no open port and no agent of their own, then steals its managed-identity token to pivot.

allAuthenticatedUsers on IAP: when authentication is not authorizationGCP

Identity-Aware Proxy gates internal apps with IAM, not network. One over-broad binding to allAuthenticatedUsers lets any signed-in Google account reach the app.

An OAuth app token outlives the user: bulk Zoom recording exfiltrationIdentity & Access

An over-scoped Zoom OAuth app with recording:read holds a long-lived token. Abused, it enumerates and downloads cloud recordings and transcripts account-wide.

An open Atlas access list turns one leaked key into a full dump

A migration left a MongoDB Atlas access list open to the world. One leaked database user then read every collection. Close the network and the credential, not just one.

Apigee revision tampering: weak auth and a credential-leaking calloutGCP

Whoever can deploy an Apigee proxy revision controls how every API authenticates and routes. A tampered revision leaks bearer tokens on every call. Restore the revision, do not block a host.

APIM policy tamper: stripped JWT validation and a hidden response tapAzure

An attacker with a subscription key rewrites the APIM gateway policy to drop authentication and mirror every response. One restore fixes both. Here is how.

AppSync field-level authorization: the gate that decides what a caller readsAWS

A GraphQL API with a broad API key and no per-field authorization lets a caller read backend records they were never entitled to. Here is the path and the real fix.

AWS RAM share abuse: a cross-account foothold that hides from IAMAWS

Sharing subnets and resolver rules to an attacker account creates network and DNS reach that never touches IAM trust policies. There is no token to revoke.

AWS root takeover: why resetting your IAM admins will not helpAWS

Controlling the registered email and phone lets an attacker reset AWS root, which sits above every IAM policy and SCP. IAM controls cannot evict it. You regain it through AWS account recovery.

Azure Arc as a backdoor: cloud-driven commands a password reset cannot stopAzure

Azure Arc projects on-prem servers into the cloud control plane and gives them a managed identity. Abused, it is hybrid persistence that survives local credential changes.

Azure Lighthouse: the standing access that never shows in your IAM bladeAzure

Azure Lighthouse lets a managing tenant act on your resources without a guest account, and the grant never shows in your IAM blade. Here is how that hides over-broad access and how to find it.

Azure ML token theft: when a notebook schedules its own persistenceAzure

A notebook on ML compute steals the workspace identity token, then schedules a job that re-mints it on a timer. Deleting one compute does not help. Here is what kills the loop.

Azure Policy tampering: a green dashboard that is lying to youAzure

Edit the policy and you turn off the guardrail and the auditor at once. A deny policy disappears, public resources appear, and the compliance dashboard stays green.

Azure SQL exfiltration: no password to reset, just a managed identityAzure

Managed identities remove passwords, which is good, but over-grant one and the attacker who owns the app owns the data. There is no login to reset. You revoke the database role.

Azure VM extension abuse: SYSTEM code with nobody logged inAzure

In Azure you do not need RDP or SSH to run code on a VM. If you can write an extension, the guest agent runs your script as SYSTEM. The fix lives at the control plane, not the host.

Backdooring the IdP: Auth0 Management API persistence that outlives the tokenIdentity & Access

An Auth0 Management API token can rewrite the identity provider itself. Rotating the token alone leaves the rogue client and post-login Action issuing tokens, so you must remove both.

Backup Operators is Tier-0: how SeBackupPrivilege dumps your domainActive Directory

Backup Operators on a domain controller is not a benign IT-ops group. SeBackupPrivilege lets a member read NTDS.dit and dump every hash, KRBTGT included.

BadSuccessor: how an OU write becomes Tier-0 in Server 2025Active Directory

On a Server 2025 domain, create rights over one OU let an attacker make a dMSA the successor of a Tier-0 account and inherit its privileges. The fix is in the link, not a password.

Behavioral data is regulated data: Amplitude export key abuseSaaS

A leaked Amplitude secret key bulk-exports behavioral data: device ids, user properties, and in-app behavior. No password was taken, but the privacy duty is real.

Blinding the monitors: AWS Config and Inspector disabled before the breachAWS

Attackers blind defenders before they act. Disabling AWS Config and Inspector kills drift and vulnerability detection. CloudTrail still records the act of turning them off.

Blinding the SOC: when Defender and Sentinel are switched offAWS

An attacker turns off the lights first: Defender downgraded, Sentinel rules deleted, diagnostics cut. The disabling actions are the alert, because the Activity Log still records them.

Breakglass abused: deploying an unsigned image past Binary AuthorizationGCP

Binary Authorization admits only signed, attested images, but the breakglass annotation overrides it. An attacker with deploy rights runs an unsigned image in production.

CircleCI context dump: from a printed secret to the cloud account

A CI job that echoes your contexts hands an attacker production cloud credentials. Once printed, the whole context is burned, so you rotate all of it and deny the cloud sessions it issued.

Cloud Scheduler persistence: a saved cron that outlives every sessionGCP

A rogue Cloud Scheduler job fires attacker code on a cron as a service account. It survives reboots and key rotations because it is a saved schedule. Here is how you remove it.

Cloud Shell is a pre-authenticated prize: stealing a developer's tokensGCP

Cloud Shell carries the developer's own scopes and a persistent home directory. An attacker harvests its tokens, plants persistence, and acts as the developer.

Code execution inside the data stack: dbt Cloud service-token abuseSaaS

A leaked dbt Cloud service token runs attacker-authored models that execute arbitrary SQL in the warehouse under dbt's own trust. dbt sits on two credentials, and you must cut both.

CodeBuild poisoning: a green pipeline that stole its own credentialsAWS

A poisoned buildspec runs with the privileged service role, harvests its credentials, and ships a backdoored artifact through the trusted deploy path. A green pipeline proves little.

Contain at the IdP: Ping OAuth client abuse fans out across appsIdentity & Access

A stolen Ping OAuth client secret sits at the trust root, so it mints tokens for every federated app at once. You contain at the identity provider, not app by app.

DCShadow: when empty security logs mean the attack workedActive Directory

DCShadow registers a fake domain controller and pushes directory changes over replication, bypassing object auditing. You hunt replication metadata, not security events.

Defeating MFA from its admin plane: Duo Admin API abuseIdentity & Access

A stolen Duo Admin API key mints a bypass code, enrolls an attacker device, and weakens a policy. MFA is defeated administratively without ever touching the user. Revoking the key is only step one.

Diamond Ticket: a real TGT with a forged PAC inside itActive Directory

A Diamond Ticket edits a genuine KDC-issued TGT instead of fabricating one, so ticket-existence checks miss it. The only durable fix is the double KRBTGT reset.

DKIM passed, and that is the problem: SendGrid key phishingSaaS

A stolen SendGrid key sends phishing through your verified domain so it passes DKIM and SPF. On an authenticated domain those checks prove nothing, so you revoke the key and revert its changes.

DnsAdmins is Tier-0: a DLL that runs as SYSTEM on your DCActive Directory

A DnsAdmins member can point the DNS service at an attacker DLL and load it as SYSTEM on a domain controller. The restart is the weapon, so clear the value first.

EC2 Instance Connect abuse: an out-of-band shell with no key to rotateAWS

Push a 60-second SSH key with one IAM call and you get a shell with no persistent key on the host. Rotating the host key pair does nothing.

Entra Application Proxy abuse: a quiet tunnel into your networkEntra & M365

An attacker who can publish through Application Proxy exposes an internal app to the internet over an on-prem connector, a durable inbound foothold with no VPN.

Faking managed: how a rogue endpoint passes Okta device trustSaaS

Device trust is only as strong as the enrollment behind it. A rogue endpoint that claims managed posture satisfies a device-based sign-on policy with no real corporate machine.

Forged claims at the source: hijacking Okta token issuanceSaaS

An Okta inline hook lets an external endpoint join token issuance. Point it at attacker code and every token can carry group claims that were never assigned.

From scoped operator to fleet control: Intune RBAC scope-tag escalationEntra & M365

A scope-tag or role-assignment misconfiguration lets a limited Intune operator widen their own reach to the entire fleet. The escalation lives in a grant, not a session.

Glue and Athena exfiltration: the data lake leaves through the front doorAWS

A compromised analytics role runs normal Glue jobs and Athena queries, but writes the results to an attacker bucket. The activity is routine. The destination is the tell.

Golden Ticket: why one KRBTGT reset never stops a forged TGTActive Directory

After KRBTGT theft, an attacker forges Kerberos tickets offline for any identity. Resetting users does nothing and one KRBTGT reset is not enough. You reset it twice.

How a tampered access-package policy lets a guest self-grant privilegeEntra & M365

Entitlement Management governs requests with approval and scope. Change those guardrails and an external guest can self-grant a privileged bundle with no human in the loop.

HubSpot private-app token leaks: rotate the token, not the adminSaaS

A leaked HubSpot private-app token can paginate the whole CRM out the door. The principal is the token, so you rotate it in the private app, not reset the admin who built it.

In Cloud Composer, writing a DAG file is running code as a service accountGCP

Drop a Python file in the Composer DAGs bucket and Airflow runs it as the environment service account. Deleting one object is not enough. Here is durable containment.

Jamf Pro as a weapon: one rogue profile reaches the whole Mac fleet

Jamf Pro is Tier-0 fleet control. Stolen admin and API credentials push a root cert and root-level script to every Mac. Cut the source, do not reimage laptops one by one.

Jenkins credential store dump: one job binds the whole chest

A Jenkins job with configure access can bind the entire credential store and exfiltrate it. The principal is the set of stored secrets, so you rotate the whole store and the downstream keys it protected.

Killing AWS Backup before ransomware: the anti-recovery moveAWS

Attackers destroy your ability to recover before they destroy your data. Deleting recovery points and weakening the vault is a ransomware precursor, and Vault Lock is the answer.

KMS key policy tampering: how encrypted data is read by an outsiderAWS

A key policy is the access control for a KMS key. Rewrite it to trust an external account and your encrypted data becomes readable to an outsider. Encryption safe-harbor collapses.

Kudu console to managed-identity token: stopping App Service credential theftAzure

App Service ships an interactive Kudu console. Any Contributor can use it to grab the publish profile and mint the app's managed-identity token. Here is how you make that token inert.

Leaked Asana PAT: revoke the token, not the userSaaS

An Asana Personal Access Token that leaks into a repo or CI log carries one user's access into the API. Here is how the sweep looks and why you revoke the token, not lock the person.

Low-code, long memory: when an Okta Workflows flow becomes the attackerAzure

An attacker builds an Okta Workflows flow that provisions accounts, steals tokens, and resets MFA on a schedule. It keeps acting long after the attacker's admin session is gone.

Lowering the bar: forging a compliant device past Conditional AccessEntra & M365

Conditional Access trusts devices Intune calls compliant. An attacker who can edit the policy does not improve a device. They lower the bar until a rogue endpoint passes.

Masked is not secret: GitLab CI variable theft and backdoored builds

GitLab masking hides values in logs, not from the job. A pipeline edit can read masked variables and exfiltrate them, then ship a backdoored artifact downstream.

MSSQL linked-server chain: from a query hop to Domain Admin

An attacker hops SQL linked servers, abuses TRUSTWORTHY and EXECUTE AS to reach sysadmin, runs OS commands, and escalates. Resetting one login fixes none of the chained primitives.

No login to chase: a Salesforce Apex trigger that leaks on writeSaaS

A rogue Apex trigger exfiltrates records every time a row is written. There is no suspicious session to revoke, because the attacker is now code living inside the platform.

No password needed: GCP metadata SSH keys and OS Login admin abuseGCP

An attacker writes an SSH key to project-wide metadata and grants itself OS Login admin, getting a shell on every VM. The foothold lives in metadata and IAM, not the session.

No password to reset: NetSuite integration token abuseSaaS

A leaked NetSuite token-based-auth integration credential is replayed off-host to bulk-pull the general ledger. The principal is a token, not a person, so you revoke, not reset.

OIDC trust gone wide: when a fork can assume your deploy roleSaaS

A wildcard in a cloud role's OIDC trust condition lets any fork's workflow assume the deploy role. There is no key to rotate. You fix the trust condition itself.

One export call, the whole table: DynamoDB point-in-time exfiltrationAWS

A point-in-time export copies an entire DynamoDB table to S3 without touching read capacity. Throttling the table does nothing, so containment has to target the role.

One provisioning push, backdoor accounts in every connected appSaaS

Okta is the authoritative source your SaaS apps trust over SCIM. Weaponize that and a single assignment fans backdoor accounts and elevated roles into a dozen apps at once.

One StackSet operation, a backdoor in every AWS accountAWS

Service-managed StackSets fan out automatically, so one CreateStackInstances call can plant a backdoor role in every account in an AWS Organization. Here is how to contain it.

Passwordless persistence: the app backdoor secret rotation cannot fixGCP

A federated identity credential lets an app trust an external issuer with no stored secret. Added by an attacker, it is a backdoor that rotating the app's secrets does nothing to close.

Poisoned artifact: how one Artifactory token taints every build

A stolen Artifactory token publishes a poisoned package version to a shared repo. Every pipeline that floats to latest pulls and runs it. Containment protects consumers, not just the repo.

Poisoned knowledge base: prompt injection drives a Bedrock agentAWS

Hide instructions in a document the agent ingests and it follows them, calling its action group to read backend data. You cannot out-instruct an injection.

Poisoning a Lambda layer backdoors every function that imports itAWS

Publish a malicious version of a shared Lambda layer and the backdoor runs inside every function that picks it up. You cannot surgically un-poison shared code.

Pushing a rogue trusted root to the fleet: Intune profile MITMEntra & M365

A configuration profile bundling a rogue proxy and an attacker trusted root, pushed to every device, sets up fleet-wide TLS interception. Cleaning one laptop misses the point.

PyPI maintainer takeover: a backdoored release reaches every install

A taken-over maintainer account publishes a backdoored release that unpinned installs pull. Revoke the publish tokens, not just the password, then yank the release and advise pinning.

RBCD takeover: how a default quota becomes a Domain AdminActive Directory

A standard user mints a computer, writes a delegation attribute on a target, and impersonates Domain Admin via S4U. Password resets do nothing, so you clear the trust and zero the quota.

Read-only and still hostile: Resource Graph as a tenant scoutAzure

A broad Reader plus Azure Resource Graph maps your whole tenant in minutes with zero writes. Recon is the opening move, and waiting for a change hands over the map.

Redirecting a Pub/Sub push endpoint: the event stream becomes a tapGCP

Change a push subscription's endpoint and the whole event stream flows to the attacker. Stopping publishers is the wrong reflex. Here is how to fix the tap.

Redshift UNLOAD dump: the warehouse export that wasn't yoursAWS

An over-privileged analytics role mints temporary cluster credentials and UNLOADs whole tables to an attacker bucket. Querying is routine, so only the export target gives it away.

Revoke the tree, not the token: a Vault secret-path sweep

An over-broad Vault policy lets one leaked token sweep secrets across every team. Revoke its whole lease tree, then treat every secret it read as already compromised.

Rewriting the guardrails: network zone and ThreatInsight bypass in OktaSaaS

Some attackers do not target a user. They edit Okta's defenses so their own sign-ins are trusted and detection goes blind, then walk in unchallenged.

Rogue federation in Entra: forging tokens for any user in a domainEntra & M365

A Global Admin who adds a rogue token-signing trust to a domain can forge valid sign-ins for any user. You cannot revoke one forged token.

Rogue hardware as trusted corporate device: Autopilot enrollment hijackEntra & M365

Import a hardware hash and an attacker's laptop becomes a trusted, managed corporate endpoint. The foothold is a device identity, not a session, so block-one-sign-in fails.

Roles Anywhere abuse: when a stolen certificate mints AWS credentialsAWS

AWS Roles Anywhere trades an X.509 certificate for live role credentials. Steal a chaining cert and you mint sessions from anywhere. There is no password to reset.

SCCM takeover: a recoverable credential and a coercible site serverActive Directory

SCCM offers two primitives: a recoverable Network Access Account credential and a coercible site server. Resetting one account fixes neither, so you close coercion, credential, and relay.

Silent org-wide mailbox reads: Exchange ApplicationImpersonation abuseEntra & M365

An over-privileged app with org-wide mailbox impersonation reads any mailbox quietly. No user is phished and no password reset stops it, because it authenticates as an app.

Skeleton Key: the master password that lives only in DC memoryActive Directory

Skeleton Key patches LSASS on domain controllers to add a master password while real passwords still work. It is memory-resident, so you reboot to evict it, not reset passwords.

Smishing from your own numbers: Twilio API key abuse and OTP interceptionSaaS

A leaked Twilio key sends SMS phishing from your trusted senders and rewrites messaging routing to mirror inbound OTPs. You revoke the key and revert the webhook, because there is no human to reset.

SNS subscription hijack: one rogue subscriber copies every messageAWS

Add one off-domain endpoint to a sensitive SNS topic and you quietly receive every message, then publish spoofed lures to all the real subscribers. Two harms, one Subscribe call.

Soft delete off, backups gone: the alarm before Azure ransomwareAzure

Ransomware crews delete your backups first, because a backup is what lets you say no. Soft delete turned off plus backup items deleting is the alarm. Act before encryption, not after.

Stolen Vercel deploy token ships a skimmer: roll the alias back

A stolen Vercel deploy token promotes a malicious build to production and serves a skimmer to live visitors. Production is just an alias, so the fastest fix is an instant rollback.

Stripe restricted key abuse: refund fraud plus a quiet PII scrapeSaaS

A leaked Stripe restricted key with refund-write and customer-read issues fraudulent refunds and scrapes customer PII. You roll the key, cap refunds, and treat it as loss plus a data exposure.

Tapping a message stream with a policy edit: AWS SQS cross-account siphonAWS

Rewrite an SQS queue policy to add an external account and you tap an internal message stream. The access lives in a resource policy, so a network block will not stop it.

Tapping the data pipeline: Fivetran connector credential abuse

Fivetran connectors hold standing keys to your source databases and your warehouse. A stolen connector credential makes the pipeline that copies your data a read path straight into it.

Tapping the event stream: Confluent Cloud API key abuseSaaS

A stolen Confluent Cloud API key lets an attacker add a consumer that reads sensitive topics, intercepting PII in motion. You do not breach a database, you subscribe to it.

Terraform state is a secret store: when a stolen token reads everything

A stolen Terraform Cloud token reads plaintext secrets out of state and queues applies that rewrite infrastructure. The principal is the token, so you revoke, not chase a human.

The BigQuery schedule that exfiltrates long after the attacker leavesGCP

A rogue BigQuery scheduled query runs as a service account and exports sensitive rows on every interval. Cancelling one run does nothing; you must delete the saved schedule.

The certificate connector as a credential factory: SCEP and PKCS abuseEntra & M365

Retarget an Intune issuance profile and the certificate connector will mint auth certs for anyone. You cannot reset a password against a cert, so containment is different.

The connector that sees every password: Okta AD agent compromiseSaaS

In delegated auth, the user's plaintext password passes through the Okta AD agent. Own that host and you intercept credentials in flight and tamper with the results.

The Cosmos DB key that walks straight past Entra RBACAzure

A leaked Cosmos DB primary key is a data-plane master credential that ignores Entra RBAC and conditional access entirely. There is no account to lock out, so you rotate.

The Event Grid tap: a rogue subscription that hides in fan-outAzure

Event Grid fans out one-to-many, so a rogue subscription mirrors your events without breaking anything. Blocking the endpoint gets repointed. Here is the real fix.

The fix is in Git: stopping ArgoCD from re-syncing attacker manifestsGCP

Delete an attacker workload from a GitOps cluster and the controller re-creates it within minutes. The source of truth is Git, so that is where containment lives.

The IDE extension that steals every developer's secrets

A popular VS Code or OpenVSX extension auto-updates to a malicious version that reads env vars, tokens, and SSH keys from every dev that installs it. Removing it is not containment.

The internal tool that holds prod: Retool resource credential abuseSaaS

Retool apps connect to production with a stored, privileged credential, so reaching the app means querying prod without ever holding the database password. Here is how to contain it.

The key is the principal: stolen Okta service-app credentials, headless adminSaaS

An Okta service app signs in with a private key and no user, so MFA and password resets are irrelevant. Steal the key and you drive the admin API headlessly.

The key you cannot rotate: DPAPI domain backup key theftActive Directory

One stolen domain DPAPI backup key decrypts every user's protected secrets, offline and forever. You cannot rotate it quickly, so you rotate the secrets it protects.

The mailbox backdoor that survives a password reset: FullAccess delegatesEntra & M365

Add-MailboxPermission grants a FullAccess delegate on executive mailboxes. Because it is tied to a delegate, not the owner credential, it survives the victim's password reset.

The privilege escalation your tenant-wide role review never seesEntra & M365

An Administrative Unit scoped role looks harmless until a privileged account lands inside that unit. Then a regional helpdesk operator can reset a Tier-0 password, invisibly.

Turning the lights off first: GCP log sink and audit-config tamperingGCP

An attacker deletes the SIEM export sink and disables Data Access logs before the real work. The tampering itself is recorded in always-on Admin Activity logs.

Two things to rotate when a Plaid secret harvests bank data

An attacker with your Plaid client secret and stored access tokens bulk-pulls users' balances and transactions. User password resets do nothing. You rotate the secret and invalidate the Items.

Update Manager as a weapon: one config edit, code on the whole fleetAzure

Azure Update Manager runs code across a VM fleet on a schedule. One tainted maintenance config becomes simultaneous execution on hundreds of machines. Stop the chokepoint, not the VMs.

Vault export equals total blast radius: a password-manager breachSaaS

A hijacked admin session exports shared vaults, and every secret inside is now compromised. You cannot rotate them one at a time, so containment is a prioritized mass-rotation.

When a BI embed token reads the data behind the dashboard

A leaked BI embed token does not just render dashboards. It can export the raw datasets underneath them. Here is the attack and the fix that keeps an embed identity in its slice.

When a Cognito app client becomes the front door for takeoverAWS

A public Cognito app client with open self-signup and broad scopes lets an attacker mint trusted tokens and take over user accounts. Here is the path and the fix.

When a feature flag is a control plane: LaunchDarkly token abuseSaaS

A stolen LaunchDarkly API token can flip the flag that gates a security control, turning it off in production with no code change. Here is the attack and the real fix.

When a Temporary Access Pass becomes permanent attacker MFAEntra & M365

A Temporary Access Pass is meant to bootstrap a user's own MFA. Issued by the wrong hands, it lets an attacker register their own authenticator and outlive any password reset.

When a WAF in Detection mode protects nothing: Front Door edge tamperingAzure

A privileged config change can flip a Front Door WAF from Prevention to Detection and expose the origin directly. The flip is the incident, recorded before any successful exploit.

When an app permission is Global Admin: Graph role-write takeoverEntra & M365

Some Microsoft Graph application permissions are effectively tenant takeover. An app-only token with role-write power can grant itself Global Administrator.

When an attacker turns off your alarms: PagerDuty key abuseAWS

A stolen PagerDuty API key can blind responders by creating broad maintenance windows and read on-call data for social engineering. Containment is two-part: kill the key and reverse the suppression.

When an IAM Condition trusts the caller: CEL bypass and Deny gapsGCP

An IAM Condition that keys on an attribute the caller can set is no control at all. Removing the principal does not fix the logic. Here is how you actually close it.

When eDiscovery becomes an exfil engine: Purview mass export abuse

Purview eDiscovery searches and exports across every mailbox, SharePoint, and OneDrive. An insider with the role can run a data theft that looks just like a legal hold.

When one Cloudflare token reroutes your DNS and kills your WAF

A stolen Cloudflare token repoints a login record to attacker infrastructure and disables the WAF in the same window. You roll the token and restore both the record and the rules.

When remote wipe becomes a weapon: stopping Intune mass destructionEntra & M365

Remote wipe is a legitimate Intune feature. In the wrong hands it is a destruction button at fleet scale. Here is how to recognize it and halt it mid-incident.

When the attacker mutes Grafana: your observability as evasionAWS

A stolen Grafana service-account token does not just read dashboards. It mutes and deletes the alert rules that would catch the next move, turning your observability plane into an evasion surface.

When the IdP admin API is Tier-0: OneLogin backdoor persistenceSaaS

Leaked OneLogin admin API credentials are effectively Tier-0. The attacker mints backdoor users, provisions into connected apps, and weakens MFA. A password reset will not stop it.

When the key is the data: racing the KMS destruction window on CMEK backupsGCP

Destroying the CMEK that encrypts backups makes them unrecoverable, both data denial and extortion leverage. KMS schedules destruction, so the window is your recovery chance.

When the leak attacks your visitors: Webflow CMS token abuseSaaS

A leaked Webflow token injects a watering-hole script into your live public site and exports form-submission PII. Unlike a back-office leak, your visitors are at risk right now.

When the principal is a token: Shopify Admin API data theft

A leaked Shopify Admin API token pages through every customer and order. The principal is the app, not a login, so a password reset does nothing. Here is what actually contains it.

When the WAF vanishes: Cloud Armor policy tamperingGCP

An attacker with securityAdmin can quietly edit a Cloud Armor policy to strip the WAF and expose a backend. Restore the whole policy from IaC, not the one rule you noticed.

When your patch server turns on you: rogue WSUS update to SYSTEMActive Directory

Every domain client trusts WSUS as its patch source. One malicious approved update runs an attacker command as SYSTEM across the whole fleet at once.

Why a password reset does not stop a stolen refresh tokenEntra & M365

A phished refresh token keeps minting fresh access tokens after the help desk resets the password. The credential outlives the password.

Why disabling an account does not kill a live tokenEntra & M365

You disabled the phished account and reset the password, yet the attacker keeps reading mail. A stolen token keeps working against resources that do not enforce Continuous Access Evaluation.

Why Firestore security rules will not stop a leaked service-account keyGCP

Firestore IAM is database-wide, so one over-broad datastore grant exposes every collection. Security rules govern client SDKs, not a server-side key, so they cannot help here.

Why revoking a Sentry token does not contain the breach

A stolen Sentry token downloads your source maps and reads secrets captured in error events. Revoking the token stops new access, but the leaked secrets stay valid until you rotate them.

Your Conditional Access does not cover service principalsGCP

Conditional Access scoped to users never evaluates for a service principal. With a stolen secret, a workload signs in from anywhere with no MFA, no location control.

Your data factory is already an exfiltration engineAzure

A data factory stores the credentials to reach every store it connects, so an attacker who can author a pipeline gets ready-made exfiltration that looks like normal ETL.

Your Postman environment is a secret store: the public leak pathSaaS

A public Postman workspace leaks every API key and token developers embedded in it. The blast radius is the contents of the environment, not the tool. Here is how to contain it.

Your security findings as the attacker's target map: Wiz token abuseSaaS

A leaked read-only Wiz token changes nothing, yet it hands an attacker your prioritized map of exploitable weaknesses. Revoking it is not the end. You race to fix what was exposed.

Relaying NTLM straight into Exchange (CVE-2024-21410)Active Directory

If your on-prem Exchange does not enforce Extended Protection, an attacker can coerce a victim's NTLM and relay it straight in, authenticating as them. Here is CVE-2024-21410, and the fix that actually closes it.

The backdoor that runs on a schedule, with no serverAWS

Cloud persistence does not need a host. An attacker can wire EventBridge to a Step Functions state machine that runs as a role and recreates access on a schedule, in the control plane where no endpoint scan looks. Here is the pattern, and how to remove it.

The silent subscription copying your event streamGCP

GCP Pub/Sub carries your event stream, sometimes with PII. An attacker can attach a new subscription to a busy topic and quietly receive a copy of every message, while the topic keeps working normally. Here is the covert tap, and how to remove it.

The workflow that grants itself a roleAzure

An Azure Logic App runs as a managed identity that often holds standing subscription rights. Whoever can edit the workflow can act as that identity, read Key Vault, and assign a role. Here is the path, and how to close it.

They stole your contracts, then sent lures from your brandSaaS

An e-signature platform holds executed agreements, signer PII, and a channel recipients are conditioned to open and sign. A stolen token does double damage: bulk-download the contracts, then send phishing from your trusted account. Here is the abuse, and the fix.

A build pipeline made them an adminAzure

Whoever can change or trigger an Azure DevOps pipeline holds its service connection's rights in Azure. Edit the YAML, press run, and the pipeline grants a role or prints a secret. Here is the CI/CD path, and how to close it.

Forging the token that says trust me (Golden SAML)Active Directory

Steal your AD FS token-signing key and an attacker can mint SAML tokens for anyone, to any federated app, bypassing passwords and MFA. Here is Golden SAML, and how to limit the blast radius.

From a normal account to domain admin (noPac)Active Directory

A pair of Active Directory bugs let any user who can join machines rename a computer account to impersonate a domain controller and request its tickets. Here is noPac, and the patch and config that stop it.

One call empties your Secrets ManagerAWS

AWS Secrets Manager holds the database passwords and API keys that unlock everything else. With broad read permission, an attacker lists and retrieves every secret in seconds. Here is the exfil, and the fix.

One leaked token, your whole org's source codeSaaS

A GitHub personal access token or OAuth grant is a password that skips MFA and often carries org-wide scope. Leak one and an attacker clones everything, then mines it for more secrets. Here is the path, and the fix.

One token can empty the lakehouseSaaS

A stolen Databricks token bypasses MFA and reads whatever its identity can. No exploit, no password, and gigabytes of data leave through a normal API. Here is how, and the controls that hold.

Resetting a domain controller's password to nothing (Zerologon)Active Directory

A flaw in Netlogon let an unauthenticated attacker on the network set a domain controller's machine password to empty, then take the domain. Here is Zerologon, why it was catastrophic, and the fix.

The backdoor your password reset never touchedGCP

An attacker with the right permission mints a long-lived key for a privileged GCP service account. It survives password resets, session revocation, and works from anywhere. Here is the persistence, and how to remove it.

The change that rewrites the directory itself (DCShadow)Active Directory

DCShadow lets an attacker register a rogue domain controller and push malicious changes straight into Active Directory, bypassing the logs that watch normal changes. Here is the stealth-persistence trick, and the fix.

The old identity that still opens every door (SID History)Active Directory

SID History was built so users keep access after a migration. Inject a privileged SID into an account and it inherits that access invisibly, across domains. Here is the abuse, and the fix.

The support file that handed over your sessionsAWS

A HAR file you upload to support to debug an issue can contain live session tokens. Steal it, replay the token, and the attacker is you, with no password and no MFA. Here is the lesson from the Okta breach, and the fix.

The sync account that bridges both worldsEntra & M365

Entra Connect synchronizes on-prem AD to the cloud using a highly privileged account on both sides. Compromise it and an attacker pivots between your directory and your tenant. Here is the risk, and the fix.

The wiki that stores your runbooks and your secretsSaaS

Confluence and Jira hold architecture, runbooks, and the credentials teams paste into pages. A stolen token or an over-scoped app reads it all, no exploit required. Here is the risk, and the fix.

Your app is handing strangers AWS credentialsAWS

An over-permissive Amazon Cognito identity pool gives anyone with your public pool id working AWS credentials. No exploit, no stolen key. Here is the misconfiguration, and the only control that matters.

Your chat app leaked your secretsSaaS

It was just Slack. So why does the attacker have a dozen of your passwords and API keys? Because of where your team kept pasting them. Here is the data-theft path, and how to govern it.

Your CRM walked out through the Bulk APISaaS

Nobody hacked Salesforce. A login and a connected app you approved exported your entire customer list in minutes. Here is the data-breach path most teams do not watch, and how to close it.

Your ITSM knows everything, and an attacker can export itSaaS

ServiceNow holds tickets, asset inventory, secrets pasted into fields, and integrations into everything. A compromised account or a permissive ACL turns it into a data-exfil and pivot point. Here is the risk, and the fix.

Adding a key to someone else's account (Shadow Credentials)Active Directory

With write access to one attribute on a target account, an attacker can add their own key and then authenticate as that account, no password reset, no noise. Here is Shadow Credentials, and the fix.

No key was stolen, but now they are your GCP service accountGCP

Workload Identity Federation lets an external identity impersonate a GCP service account with no key. One over-broad trust condition lets the wrong identity in. Here is the keyless attack, and the fix.

The app you approved is reading your mailEntra & M365

Consent phishing skips your password entirely. The victim clicks Accept on a real Microsoft consent screen, and a malicious app gets standing access to their mailbox and files. Here is the grant, and the fix.

The help-desk call that reset the attacker's MFAIdentity & Access

The fastest way past MFA is often a phone call. Convince the service desk you are a locked-out employee and they enroll the attacker's device. Here is the social-engineering path behind major breaches, and the fix.

The policy that only looked like a wall (Conditional Access bypass)Entra & M365

Conditional Access is only as strong as its gaps: a legacy protocol, an excluded app, an unmanaged path. Attackers find the seam and walk around the policy. Here is how, and how to close the gaps.

The proxy that steals the session, not the password (AiTM)Identity & Access

Adversary-in-the-middle phishing sits between the user and the real login, relaying everything including MFA, then steals the session cookie. The password and the second factor do not matter. Here is AiTM, and the fix.

The server that can impersonate anyoneActive Directory

A host with unconstrained delegation caches the Kerberos ticket of everyone who connects, including a domain controller you can coerce. Here is how that becomes domain compromise, and how to remove it.

The whole SharePoint left through GraphEntra & M365

Once an attacker holds broad Microsoft Graph access, your SharePoint and OneDrive are just an API away. No malware, no download click, gigabytes of documents gone. Here is the exfil path, and the fix.

They are signing in as an app, not a userEntra & M365

You reset the admin, revoked the sessions, and the attacker is still reading every mailbox. They added a credential to a privileged app. Here is the Entra persistence that survives password resets.

When every local admin password is the sameActive Directory

Without LAPS, one cracked or dumped local administrator password often unlocks every workstation in the building. Here is why shared local admin is a lateral-movement superhighway, and the fix.

Writing yourself the right to impersonate (RBCD)Active Directory

If an attacker can edit one delegation attribute on a computer object, they can tell it to trust an account they control, then impersonate any user to that machine. Here is resource-based delegation abuse, and the fix.

A pod that talks its way to cluster admin (GKE RBAC)GCP

A compromised pod with a permissive Kubernetes role, or access to the node's service account, can escalate to control the whole GKE cluster. Here is the path from one container to cluster-admin, and the fix.

Borrowing a more powerful identity (GCP impersonation)GCP

In GCP, the right to impersonate a service account is the right to become it. One serviceAccountTokenCreator binding can chain a low-privilege identity up to a powerful one. Here is the path, and the fix.

Disabling the guardrails before the heist (GCP Org Policy)GCP

GCP Organization Policies are the guardrails that stop public buckets, key creation, and external sharing. An attacker with org-level rights turns them off first, quietly, then does the damage. Here is the move, and the fix.

One read can empty an Azure Key VaultAzure

A Key Vault holds the credentials that unlock everything else. With a broad grant on a network-open vault, one identity can list and read every secret in seconds. Here is how, and the lockdown that holds.

Querying your warehouse straight out the door (BigQuery)GCP

BigQuery holds your analytics crown jewels, and an attacker with read access can run one export job to copy it all to a bucket they control. Here is the exfil, and the fix.

Relaying your way to a domain-admin certificate (AD CS ESC8)Active Directory

If your AD CS web enrollment accepts NTLM, an attacker can coerce a domain controller to authenticate, relay it, and walk away with a certificate that is the DC. Here is ESC8, and how to stop it.

The accounts that hand out crackable tickets (AS-REP Roasting)Active Directory

Any account with Kerberos pre-authentication disabled will return crackable material to anyone who asks, no credentials needed. Here is AS-REP Roasting, and the one setting that stops it.

The function that leaks its own identityAzure

An Azure Function with a managed identity can fetch its own token from a local endpoint. A code-injection bug or an SSRF turns that into the function's cloud rights in an attacker's hands. Here is how, and the fix.

The scheduled job that owns your subscriptionAzure

An Azure Automation runbook runs your code as a managed identity with standing rights in the subscription. Edit it, trigger it, and the attacker is operating as that identity. Here is the path, and how to close it.

The storage key that ignores your RBACAzure

Azure storage account keys grant full access to everything in the account, never expire, and bypass Entra RBAC entirely. Here is why a single leaked key is a whole-account breach, and how to remove it.

Your build pipeline shipped the attacker's codeGCP

GCP Cloud Build runs as a powerful service account and produces the artifacts you deploy. Tamper with the build and you have poisoned everything downstream, signed and trusted. Here is the supply-chain path, and the fix.

Your serverless app is a service account one bug from a shellGCP

A GCP Cloud Run service or Cloud Function runs as a service account and can fetch its token from the metadata server. One app bug and the attacker is calling GCP as your service. Here is the path, and the fix.

A hacked container can hand an attacker your AWS accountAWS

Containers in ECS and EKS read their AWS credentials from a local endpoint. Pop one container and the attacker calls AWS as its role, with no key to steal. Here is how it works and how to bound the blast radius.

The bucket you forgot was publicAWS

A single misconfigured S3 bucket policy can expose gigabytes of customer data to anyone who finds the name. No exploit, no credentials. Here is the oldest cloud mistake, still happening, and the fix.

The function that runs the attacker's code foreverAWS

A Lambda function executes as an IAM role and fires on triggers you cannot easily see. Modify one and the attacker has durable execution and your role's rights, on every invocation. Here is the backdoor, and the fix.

The permission that promotes itself (AWS PassRole)AWS

An attacker with iam:PassRole and a service that assumes roles can hand a powerful role to a resource they control, then operate as that role. Here is the classic AWS privilege-escalation path, and the fix.

The ticket that never expires (Golden Ticket)Active Directory

Steal the krbtgt account's key and an attacker can forge Kerberos tickets for any user, with any privileges, for as long as they like. Here is the Golden Ticket, why it is so hard to evict, and the fix.

They sent the phish from your own email serviceAWS

An attacker in your AWS account does not need a lookalike domain. They send the phish through your own SES, from your real domain, signed and trusted. Here is the abuse, and how to shut it.

Nobody queried your database, but the whole copy is goneAWS

An attacker with RDS permissions does not need SQL to steal your data. They snapshot the database and share it to an account they control. Here is the back door, and how to close it.