Cloud Security Podcast

Cloud Incident Response in Microsoft Azure

Feb 20, 2025

In this engaging discussion, security researcher Katie Knowles, a former Azure incident responder, dives into critical Azure security topics. She unpacks common incident response scenarios and the rising threat of LLM jacking, where attackers misuse authentication tokens. Katie shares insights on privilege escalation in Azure Key Vault and emphasizes the importance of secure role assignments. She also offers practical tips for developing an effective Azure incident response playbook, making Azure's intricate security landscape accessible to all.

54:15

Creator website

Episode guests

Katie Knowles

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Understanding LLM jacking is crucial, as it represents a significant risk by exploiting authentication tokens to hijack computing resources in cloud environments.

Incident response within Azure requires tailored strategies, emphasizing the creation of a robust incident response plan informed by real-world examples.

Managing identity and permissions in Azure Active Directory is complex, necessitating careful oversight to prevent unauthorized access and privilege escalation risks.

Deep dives

Understanding LLM Jacking and Resource Theft

LLM jacking is emerging as a significant risk in cloud environments, highlighting another form of resource theft. This technique exploits authentication tokens and API access to hijack useful compute power from legitimate users. Attackers leverage these tokens to route queries through large infrastructures for malicious purposes, effectively creating a backend pool of AI resources for their needs. As this trend continues, it becomes crucial for organizations to learn about these vulnerabilities and implement safeguards against unauthorized access.

Intro

2min

Navigating Azure Security and Identity Management

25min

Emerging Threats: LLM Jacking in Azure

2min

Understanding Privilege Escalation in Azure Key Vault

3min

Understanding Administrative Units and Their Security Implications in Azure

4min

Mastering Azure Incident Response

15min

From Hobbies to Cloud Security

4min

In this episode, we dive deep into Azure security, incident response, and the evolving cloud threat landscape with Katie Knowles, Security Researcher and former Azure Incident Responder. We spoke about common Azure incident response scenarios you need to prepare for, how identity and privilege escalation work in Azure, how Active Directory and Entra ID expose new risks and what security teams need to know about Azure networking and logging.

Guest Socials: ⁠⁠⁠⁠⁠⁠⁠⁠⁠Katie's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity Podcast

Questions asked:

(00:00) Introduction

(02:27) A bit about Katie

(03:17) Domain Admin in Azure

(07:03) Common causes of incidents in Azure

(08:53) Identities in Azure