Hijacking Azure Machine Learning Notebooks (via Storage Accounts)
Abusing Storage Account Permissions to attack Azure Machine Learning notebooks
NetSPI Labs
We focus on the ideation and incubation of new security products, delivery models, and technology-enabled services. NetSPI Labs represents the investments we are making in bleeding edge research and development at NetSPI, establishing new norms, and driving meaningful change throughout the cybersecurity community, to better serve our customers, and combat an ever-evolving threat landscape.
- Ideation: Gathering novel ideas and working to quickly understand market opportunity and viability.
- Design and Build: Guiding rapid design and ensuring cohesion between existing and emerging development.
- Launching Innovations: Delivering new innovative research, products, and services.
Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0
Learn how to identify, understand, attack, and remediate SMB shares configured with excessive privilege in active directory environments with the help of new charts, graphs, and LLM capabilities.
Backdooring Azure Automation Account Packages and Runtime Environments
Azure Automation Accounts can allow an attacker to persist in the associated packages that support runbooks. Learn how attackers can maintain access to an Automation Account.
Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
Learn how threat actors can exploit SQL Server credential objects to escalate domain privileges and how you can detect it.
Extracting Managed Identity Certificates from the Azure Arc Service
The Azure Arc service is handy for bringing on-prem systems to the cloud, but it includes features that could lead to pivots from on-prem into your Azure environment.
Escalating Privileges with Azure Function Apps
Explore how undocumented APIs used by the Azure Function Apps Portal menu allowed for directory traversal on Function App containers.
15 Ways to Bypass the PowerShell Execution Policy
By default, PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. In this blog I’ll cover 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
The vulnerability, found by NetSPI’s cloud pentesting practice director, Karl Fosaaen, affected any organization that used Automation Account “Run as” accounts in Azure.
Published Research
The NetSPI Labs Team brings together a talented group of security experts,
including NetSPI Agents, who actively contribute to research projects.
Their collaboration pushes the boundaries of cybersecurity research,
playing a vital role in advancing innovation with NetSPI Labs.
Open LLM Security Benchmark
Authors: Kurtis Shelton, Nicholas Stang, Jake Karnes, Tristan Blackburn
Contributors: Karl Fosaaen, Scott Sutherland
This paper introduces a comprehensive benchmarking framework that evaluates both security and usability in parallel. Our research provides a systematic assessment of how different LLMs perform under adversarial conditions, designed to test their jailbreakability.
We welcome your participation in this study and encourage you to share your perspectives.
Meet the Labs Team
Karl Fosaaen
VP, Research
Scott Sutherland
VP, Research
Kurtis Shelton
Principal AI Researcher
Nick Stang
Head of Data Science
Tristan Blackburn
Data Scientist
Dustin Mallory
Principal Security Research Developer
Speaking Engagements
Explore upcoming talks and webinars from the NetSPI Labs Team and NetSPI Agents.